| OSVDB ID | Disclosure Date | Title |
|---|
|
48806
Description:
Unknown / Incomplete
|
2008-10-06
|
Nucleus CMS Unspecified XSS
|
|
48809
Description:
Unknown / Incomplete
|
2008-10-06
|
Website Directory index.php keyword Variable XSS
|
|
48793
Description:
V-webmail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides unexpected input to the login page, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2008-10-05
|
V-webmail Login Page imap_open() Function Path Disclosure
|
|
48794
Description:
V-webmail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed session data, which will disclose the software's configured temporary directory resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2008-10-05
|
V-webmail Malformed Session Data Temporary Directory Disclosure
|
|
48795
Description:
V-webmail contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' field. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
2008-10-05
|
V-webmail login.php username Field SQL Injection
|
|
48796
Description:
V-webmail contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the "to" variable upon submission to the redirect.php script. This could allow a user to create a specially crafted URL that would allow malicious redirection in a user's browser to an arbitrary web site, without user interaction.
|
2008-10-05
|
V-webmail redirect.php to Variable Arbitrary Site Redirect
|
|
48804
Description:
Unknown / Incomplete
|
2008-10-04
|
JMweb MP3 Music Audio Search and Download Script listen.php src Variable Traversal Local File Inclusion
|
|
48805
Description:
Unknown / Incomplete
|
2008-10-04
|
JMweb MP3 Music Audio Search and Download Script download.php src Variable Traversal Local File Inclusion
|
|
48807
Description:
Unknown / Incomplete
|
2008-10-03
|
AmpJuke index.php special Variable SQL Injection
|
|
48731
Description:
Unknown / Incomplete
|
2008-10-03
|
WebBiscuits Multiple Products common/theme/default/header_setup.php Multiple Variable Remote File Inclusion
|
|
48810
Description:
Unknown / Incomplete
|
2008-10-03
|
AdaptCMS includes/check_user.php user_name Variable SQL Injection
|
|
48784
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2008-10-02
|
pam_krb5 existing_ticket KRB5CCNAME Variable Cached Credential Cross-user Privilege Escalation
|
|
48756
Description:
Unknown / Incomplete
|
2008-10-02
|
OpenX ac.php bannerid Variable SQL Injection
|
|
48785
Description:
Unknown / Incomplete
|
2008-10-02
|
phpscripts Ranking Script admin Cookie Manipulation Authentication Bypass
|
|
48744
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2008-10-02
|
OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing
|
|
48786
Description:
Unknown / Incomplete
|
2008-10-02
|
MediaWiki userskin Variable XSS
|
|
48787
Description:
Unknown / Incomplete
|
2008-10-02
|
MediaWiki LocalSettings.php wgGroupPermissions Variable Manipulation Restriction Manipulation
|
|
48710
Description:
Unknown / Incomplete
|
2008-10-02
|
MySQL Command Line Client HTML Output XSS
|
|
48745
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2008-10-02
|
Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing
|
|
48684
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2008-10-02
|
Blosxom blosxom.cgi flav Variable XSS
|
|
48725
Description:
Unknown / Incomplete
|
2008-10-02
|
AutoNessus bulk_update.pl remark Variable XSS
|
|
48752
Description:
Unknown / Incomplete
|
2008-10-02
|
mIRC PRIVMSG Message Handling Remote Overflow
|
|
48754
Description:
Unknown / Incomplete
|
2008-10-02
|
Libxml2 Predefined Entity Definition Crafted XML File Handling DoS
|
|
48708
Description:
Unknown / Incomplete
|
2008-10-01
|
MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
|
|
48709
Description:
Unknown / Incomplete
|
2008-10-01
|
MySQL Quick Admin actions.php lang Variable Traversal Local File Inclusion
|
|
48758
Description:
Unknown / Incomplete
|
2008-10-01
|
Freeway Service Resource Page Unspecified SQL Injection
|
|
48757
Description:
Unknown / Incomplete
|
2008-10-01
|
Freeway Advanced Search Result Page Unspecified SQL Injection
|
|
48799
Description:
Unknown / Incomplete
|
2008-10-01
|
Brilliant Gallery for Drupal Unspecified SQL Injection
|
|
48800
Description:
Unknown / Incomplete
|
2008-10-01
|
Brilliant Gallery for Drupal Unspecified XSS
|
|
48797
Description:
Unknown / Incomplete
|
2008-10-01
|
phpScheduleIt PHP reserve.php start_date Variable eval() Arbitrary Code Injection
|
|
48702
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2008-10-01
|
FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Spoofing
|
|
48686
Description:
Unknown / Incomplete
|
2008-10-01
|
Link Trader Script ratelink.php linkid Variable SQL Injection
|
|
48717
Description:
Unknown / Incomplete
|
2008-10-01
|
EC-CUBE Unspecified XSS
|
|
48718
Description:
Unknown / Incomplete
|
2008-10-01
|
EC-CUBE Unspecified SQL Injection
|
|
48670
Description:
Unknown / Incomplete
|
2008-10-01
|
Juniper NetScreen ScreenOS Login Page XSS
|
|
48808
Description:
Unknown / Incomplete
|
2008-10-01
|
RPortal CMS index.php file_op Variable Remote File Inclusion
|
