|
292701
|
- |
|
interspire
|
activekb
|
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2338
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292702
|
- |
|
news_manager
|
news_manager
|
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php…
|
CWE-89
SQL Injection
|
CVE-2008-2340
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292703
|
- |
|
avalonnet
|
news_manager
|
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
|
CWE-94
Code Injection
|
CVE-2008-2341
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292704
|
- |
|
news_manager
|
news_manager
|
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
|
CWE-22
Path Traversal
|
CVE-2008-2342
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292705
|
- |
|
news_manager
|
news_manager
|
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2343
|
2017-09-29 10:31 |
2008-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292706
|
- |
|
alkalinephp
|
alkalinephp
|
AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2346
|
2017-09-29 10:31 |
2008-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292707
|
- |
|
mypicgallery
|
mypicgallery
|
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
|
CWE-287
Improper Authentication
|
CVE-2008-2347
|
2017-09-29 10:31 |
2008-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292708
|
- |
|
meltingicefs
|
meltingice_file_system
|
MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2348
|
2017-09-29 10:31 |
2008-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292709
|
- |
|
zomp
|
zomplog
|
Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2349
|
2017-09-29 10:31 |
2008-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292710
|
- |
|
webmanager-pro
|
cms_webmanager-pro
|
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
|
CWE-89
SQL Injection
|
CVE-2008-2351
|
2017-09-29 10:31 |
2008-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
