|
292801
|
- |
|
donnafontenot
|
mycal_personal_events_calendar
|
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and passw…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6357
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292802
|
- |
|
socialgroupie
|
social_groupie
|
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6358
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292803
|
- |
|
insun_podcast
|
feedcms
|
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parame…
|
CWE-22
Path Traversal
|
CVE-2008-6361
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292804
|
- |
|
ezonelink
|
multiple_membership_script
|
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6362
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292805
|
- |
|
capilano
|
designworks
|
Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-6363
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292806
|
- |
|
adserversolutions
|
banner_exchange_software
|
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) …
|
CWE-89
SQL Injection
|
CVE-2008-6364
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292807
|
- |
|
adserversolutions
|
ad_management_software
|
SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to…
|
CWE-89
SQL Injection
|
CVE-2008-6365
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292808
|
- |
|
adserversolutions
|
affiliate_software_java
|
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly r…
|
CWE-89
SQL Injection
|
CVE-2008-6366
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292809
|
- |
|
socialgroupie
|
social_groupie
|
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then …
|
CWE-20
Improper Input Validation
|
CVE-2008-6367
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292810
|
- |
|
ocean12tech
|
contact_manager_pro
|
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6369
|
2017-09-29 10:33 |
2009-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
