|
347701
|
- |
|
phpkobo
|
adfreely
|
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via…
|
CWE-22
Path Traversal
|
CVE-2010-1057
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347702
|
- |
|
phpkobo
|
address_book_script
|
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local …
|
CWE-22
Path Traversal
|
CVE-2010-1058
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347703
|
- |
|
aspindir
|
erolife_ajxgaleri_vt
|
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1064
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347704
|
- |
|
lebisoft
|
ziyaretci_defteri
|
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1065
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347705
|
- |
|
the-ghost
|
ar_web_content_manager
|
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for contr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1066
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347706
|
- |
|
hasmir_alic
|
e-membres
|
E-membres 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/bdEMembres.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1067
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347707
|
- |
|
netwin
|
surgeftp
|
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid param…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1068
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347708
|
- |
|
imagoscripts
|
deviant_art_clone
|
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action.
|
CWE-89
SQL Injection
|
CVE-2010-1070
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347709
|
- |
|
phpmdj
|
phpmdj
|
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2010-1071
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347710
|
- |
|
sniggabo
|
sniggabo_cms
|
Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-1072
|
2017-08-17 10:32 |
2010-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
