CVE-2008-3253 (xenserver) Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise)...
CVE-2008-3262 (Claroline) Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
CVE-2008-3255 (webproxy) Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-3261 (Claroline) Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a...
CVE-2008-3258 (Zoph) Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3260 (Claroline) Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in...
CVE-2008-3256 (Siteframe Beaumont, siteframe_cms) SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands...
CVE-2008-3259 (OpenSSH) OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the...
CVE-2008-3254 (precms) SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.
CVE-2008-3188 (libxcrypt) libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force...
CVE-2008-3263 (Asterisk) Asterisk allows remote attackers to cause a denial of service (CPU consumption) by quickly sending a large number of IAX POKE requests.
CVE-2008-3237 (iTechBids) Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
CVE-2008-3235 (WebSphere Application Server) Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.
CVE-2008-3245 (phphoo3) SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.
CVE-2008-3243 (F-Prot Antivirus, scanning_engine) Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1)...
Latest Exploits
bailiwicked_host.rb.txt This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver....
emc-sql.txt EMC's Centera Universal Access product version CUA4.0_4735.p4 suffers from a SQL injection vulnerability.
joomlamamml-upload.txt The Joomla Mamml component suffers from a remote file disclosure vulnerability.
oss-bypass.txt Outpost Security Suite Pro version 2009 suffers from multiple bypass vulnerabilities when using special characters.
PR08-16.txt Moodle versions 1.7.4 and below suffer from a cross-site request forgery vulnerability.
PR08-13.txt A cross-site scripting vulnerability exists in Moodle versions 1.7.4 and below.
presurveypoll-sql.txt Pre Survey Poll suffers from a SQL injection vulnerability in default.asp.
ezwebalbum-cookie.txt EZWebAlbum suffers from an insecure cookie handling vulnerability that allows anyone to be an administrator.
minix-dos.txt Minix version 3.1.2a suffers from a tty panic local denial of service vulnerability.