|
292951
|
- |
|
cmscout
|
cmscout
|
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit param…
|
CWE-22
Path Traversal
|
CVE-2008-6726
|
2017-09-29 10:33 |
2009-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292952
|
- |
|
myupb
|
upb
|
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP head…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6727
|
2017-09-29 10:33 |
2009-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292953
|
- |
|
phpmotion
|
phpmotion
|
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify…
|
CWE-352
Origin Validation Error
|
CVE-2008-6729
|
2017-09-29 10:33 |
2009-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292954
|
- |
|
china-on-site
|
flexphplink
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) t…
|
CWE-89
SQL Injection
|
CVE-2008-6730
|
2017-09-29 10:33 |
2009-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292955
|
- |
|
china-on-site
|
flexphplink
|
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessin…
|
CWE-20
Improper Input Validation
|
CVE-2008-6731
|
2017-09-29 10:33 |
2009-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292956
|
- |
|
keller_web_admin
|
kwa
|
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
|
CWE-22
Path Traversal
|
CVE-2008-6734
|
2017-09-29 10:33 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292957
|
- |
|
thaiquickcart
|
thaiquickcart
|
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
|
CWE-22
Path Traversal
|
CVE-2008-6735
|
2017-09-29 10:33 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292958
|
- |
|
mark_girling
|
myshoutpro
|
MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2008-6738
|
2017-09-29 10:33 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292959
|
- |
|
toddwoolums
|
asp_download
|
Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request.
|
CWE-287
Improper Authentication
|
CVE-2008-6739
|
2017-09-29 10:33 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292960
|
- |
|
homap
|
homap
|
PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter.
|
CWE-94
Code Injection
|
CVE-2008-6740
|
2017-09-29 10:33 |
2009-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
