CVE-2008-6295

Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php.

Publication date: Thu, 26 Feb 2009 22:17:00 +0000


Cyber News related to CVE-2008-6295

CVE-2008-6295 - Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; ...
7 years ago
CVE-2016-6295 - ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and ...
6 years ago
CVE-2014-6295 - SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
10 years ago
CVE-2015-6295 - Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN ...
7 years ago
CVE-2007-6295 - Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. ...
7 years ago
CVE-2010-1571 - Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a ...
7 years ago
CVE-2006-6295 - PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. ...
7 years ago
CVE-2017-6295 - NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is ...
6 years ago
CVE-2019-6295 - Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter. ...
5 years ago
CVE-2018-6295 - Unencrypted way of remote control and communications in Hanwha Techwin Smartcams ...
5 years ago
CVE-2013-6295 - PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module ...
4 years ago
CVE-2020-6295 - Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed ...
3 years ago
CVE-2023-6295 - The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite ...
1 year ago Tenable.com
CVE-2024-6295 - udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP ...
5 months ago
CVE-2008-1378 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should ...
54 years ago Tenable.com
CVE-2008-2617 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2615 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2621 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2622 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2616 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2618 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2620 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-3892 - Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build ...
6 years ago
CVE-2008-3696 - Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build ...
6 years ago
CVE-2008-3695 - Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)