|
293021
|
- |
|
x7_group
|
x7_chat
|
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
|
CWE-89
SQL Injection
|
CVE-2008-6964
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293022
|
- |
|
aj_square
|
aj_auction
|
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass au…
|
CWE-287
Improper Authentication
|
CVE-2008-6965
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293023
|
- |
|
aj_square
|
aj_auction
|
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6966
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293024
|
- |
|
simplemachines
|
smf
|
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidd…
|
CWE-255
Credentials Management
|
CVE-2008-6971
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293025
|
- |
|
dd-wrt
|
dd-wrt
|
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execut…
|
CWE-352
Origin Validation Error
|
CVE-2008-6974
|
2017-09-29 10:33 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293026
|
- |
|
dd-wrt
|
dd-wrt
|
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary …
|
CWE-352
Origin Validation Error
|
CVE-2008-6975
|
2017-09-29 10:33 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293027
|
- |
|
fullrevolution
|
aspwebalbum
|
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6977
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293028
|
- |
|
fullrevolution
|
aspwebalbum
|
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a d…
|
CWE-20
Improper Input Validation
|
CVE-2008-6978
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293029
|
- |
|
devalcms
|
devalcms
|
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6982
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293030
|
- |
|
devalcms
|
devalcms
|
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonst…
|
CWE-94
Code Injection
|
CVE-2008-6983
|
2017-09-29 10:33 |
2009-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
