|
292971
|
- |
|
shopsystem-forum
|
k\&s_shopsoftware
|
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then acce…
|
NVD-CWE-Other
|
CVE-2008-6768
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292972
|
- |
|
peterselie
|
yourplace
|
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then …
|
NVD-CWE-Other
|
CVE-2008-6769
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292973
|
- |
|
peterselie
|
yourplace
|
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct requ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6770
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292974
|
- |
|
peterselie
|
yourplace
|
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6771
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292975
|
- |
|
peterselie
|
yourplace
|
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restriction…
|
CWE-20
Improper Input Validation
|
CVE-2008-6772
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292976
|
- |
|
peterselie
|
yourplace
|
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php…
|
CWE-94
Code Injection
|
CVE-2008-6773
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292977
|
- |
|
scripts-for-sites
|
ez_hot_or_not
|
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6776
|
2017-09-29 10:33 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292978
|
- |
|
myphp
|
myphp_forum
|
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in …
|
CWE-89
SQL Injection
|
CVE-2008-6777
|
2017-09-29 10:33 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292979
|
- |
|
scripts-for-sites
|
ez_auction
|
SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6778
|
2017-09-29 10:33 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292980
|
- |
|
scripts-for-sites
|
ez_affiliate
|
SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
CWE-89
SQL Injection
|
CVE-2008-6780
|
2017-09-29 10:33 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
