|
293941
|
- |
|
tpvgames
|
mpcs
|
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2293
|
2017-09-29 10:31 |
2008-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293942
|
- |
|
mreaves
|
pet_grooming_management_system
|
Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2294
|
2017-09-29 10:31 |
2008-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293943
|
- |
|
rgboard
|
rgboard
|
Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and…
|
CWE-79
Cross-site Scripting
|
CVE-2008-2295
|
2017-09-29 10:31 |
2008-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293944
|
- |
|
rgboard
|
rgboard
|
PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
|
CWE-94
Code Injection
|
CVE-2008-2296
|
2017-09-29 10:31 |
2008-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293945
|
- |
|
roticv
|
rantx
|
The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2297
|
2017-09-29 10:31 |
2008-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293946
|
- |
|
sourceforge
|
web_slider
|
Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2008-2298
|
2017-09-29 10:31 |
2008-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293947
|
- |
|
vastal
|
phpvid
|
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some …
|
CWE-79
Cross-site Scripting
|
CVE-2008-2335
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293948
|
- |
|
68_classifieds
|
68_classifieds
|
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
CWE-89
SQL Injection
|
CVE-2008-2336
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293949
|
- |
|
imgallery
|
imgallery
|
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php…
|
CWE-89
SQL Injection
|
CVE-2008-2337
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293950
|
- |
|
interspire
|
activekb
|
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2338
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
