|
293001
|
- |
|
minigal
|
minigal
|
Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in t…
|
CWE-22
Path Traversal
|
CVE-2008-6933
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293002
|
- |
|
sansuart
|
free_simple_guestbook_php_script
|
Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into mes…
|
CWE-94
Code Injection
|
CVE-2008-6934
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293003
|
- |
|
jabber
|
exodus
|
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pr…
|
CWE-94
Code Injection
|
CVE-2008-6936
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293004
|
- |
|
holger_zimmermann
|
pi3web
|
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obt…
|
CWE-20
Improper Input Validation
|
CVE-2008-6938
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293005
|
- |
|
turnkeyforms
|
web_hosting_directory
|
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by set…
|
CWE-287
Improper Authentication
|
CVE-2008-6939
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293006
|
- |
|
turnkeyforms
|
web_hosting_directory
|
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6940
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293007
|
- |
|
turnkeyforms
|
web_hosting_directory
|
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
|
CWE-89
SQL Injection
|
CVE-2008-6941
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293008
|
- |
|
scriptsfeed
|
realtor_classifieds_system
|
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an …
|
CWE-20
Improper Input Validation
|
CVE-2008-6942
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293009
|
- |
|
scriptsfeed
|
recipes_listing_portal
|
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe p…
|
CWE-20
Improper Input Validation
|
CVE-2008-6943
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293010
|
- |
|
scriptsfeed
|
auto_classifieds
|
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, …
|
CWE-20
Improper Input Validation
|
CVE-2008-6944
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
