|
293721
|
- |
|
bncwi
|
bncwi
|
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5948
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293722
|
- |
|
tiddlywiki
|
cctiddly
|
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/pr…
|
CWE-94
Code Injection
|
CVE-2008-5949
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293723
|
- |
|
aspapps
|
template_creature
|
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5950
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293724
|
- |
|
aspapps
|
template_creature
|
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/tem…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5951
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293725
|
- |
|
ktp_computer_customer_database
|
ktp_computer_customer_database
|
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid paramete…
|
CWE-89
SQL Injection
|
CVE-2008-5952
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293726
|
- |
|
ktp_computer_customer_database
|
ktp_computer_customer_database
|
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot…
|
CWE-22
Path Traversal
|
CVE-2008-5953
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293727
|
- |
|
phpstreet
|
webboard
|
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5955
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293728
|
- |
|
phpstreet
|
webboard
|
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct reque…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5956
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293729
|
- |
|
activewebsoftwares
|
active_test
|
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiz…
|
CWE-89
SQL Injection
|
CVE-2008-5958
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293730
|
- |
|
active_web_softwares
|
active_test
|
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password pa…
|
CWE-89
SQL Injection
|
CVE-2008-5959
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
