|
292901
|
- |
|
china-on-site
|
flexcustomer0.0.6
|
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Da…
|
CWE-94
Code Injection
|
CVE-2008-6761
|
2017-09-29 10:33 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292902
|
- |
|
hypersilence
|
silentum_loginsys
|
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
|
CWE-287
Improper Authentication
|
CVE-2008-6763
|
2017-09-29 10:33 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292903
|
- |
|
shopsystem-forum
|
k\&s_shopsoftware
|
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then acce…
|
NVD-CWE-Other
|
CVE-2008-6768
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292904
|
- |
|
peterselie
|
yourplace
|
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then …
|
NVD-CWE-Other
|
CVE-2008-6769
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292905
|
- |
|
peterselie
|
yourplace
|
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct requ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6770
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292906
|
- |
|
peterselie
|
yourplace
|
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6771
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292907
|
- |
|
peterselie
|
yourplace
|
login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restriction…
|
CWE-20
Improper Input Validation
|
CVE-2008-6772
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292908
|
- |
|
peterselie
|
yourplace
|
Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php…
|
CWE-94
Code Injection
|
CVE-2008-6773
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292909
|
- |
|
scripts-for-sites
|
ez_hot_or_not
|
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6776
|
2017-09-29 10:33 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292910
|
- |
|
myphp
|
myphp_forum
|
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in …
|
CWE-89
SQL Injection
|
CVE-2008-6777
|
2017-09-29 10:33 |
2009-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
