|
293591
|
- |
|
digitalgreys
|
com_contactinfo
|
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.ph…
|
CWE-89
SQL Injection
|
CVE-2008-5494
|
2017-09-29 10:32 |
2008-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293592
|
- |
|
pozscripts
|
business_directory_script
|
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5496
|
2017-09-29 10:32 |
2008-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293593
|
- |
|
bandsitecms
|
bandsite_cms
|
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
|
CWE-287
Improper Authentication
|
CVE-2008-5497
|
2017-09-29 10:32 |
2008-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293594
|
- |
|
dazzlindonna
|
postecards
|
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5559
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293595
|
- |
|
dazzlindonna
|
postecards
|
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5560
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293596
|
- |
|
netref
|
netref
|
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
|
CWE-89
SQL Injection
|
CVE-2008-5561
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293597
|
- |
|
aspapps
|
aspportal
|
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5562
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293598
|
- |
|
dinkumsoft
|
dl_paycart
|
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the N…
|
CWE-352
Origin Validation Error
|
CVE-2008-5565
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293599
|
- |
|
phpmultiplenewsletters
|
phpmultiplenewsletters
|
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5566
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293600
|
- |
|
bonzacart
|
bonza_cart
|
Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with th…
|
CWE-352
Origin Validation Error
|
CVE-2008-5567
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
