|
293011
|
- |
|
webhost-panel
|
bankoi_webhosting_control_panel
|
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
|
CWE-89
SQL Injection
|
CVE-2008-6950
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293012
|
- |
|
cms.maury91
|
maurycms
|
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary fil…
|
CWE-287
Improper Authentication
|
CVE-2008-6951
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293013
|
- |
|
cms.maury91
|
maurycms
|
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6952
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293014
|
- |
|
infireal
|
mxcamarchive
|
mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for…
|
CWE-200
Information Exposure
|
CVE-2008-6955
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293015
|
- |
|
infireal
|
mxcamarchive
|
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description para…
|
CWE-94
Code Injection
|
CVE-2008-6956
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293016
|
- |
|
discuz
|
discuz\!
|
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6957
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293017
|
- |
|
comsenz
|
crossday_discuz\!_board
|
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
|
CWE-94
Code Injection
|
CVE-2008-6958
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293018
|
- |
|
chilkatsoft
|
chilkat_socket
|
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastE…
|
NVD-CWE-Other
|
CVE-2008-6959
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293019
|
- |
|
x10media
|
x10_automatic_mp3_script
|
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6960
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293020
|
- |
|
turnkeyforms
|
text_link_sales
|
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6963
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
