|
293031
|
- |
|
oramon
|
oramon
|
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credenti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6869
|
2017-09-29 10:33 |
2009-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293032
|
- |
|
merlix
|
educate_server
|
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6870
|
2017-09-29 10:33 |
2009-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293033
|
- |
|
merlix
|
educate_server
|
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6871
|
2017-09-29 10:33 |
2009-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293034
|
- |
|
aspthai.net
|
aspthai_forums
|
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database…
|
CWE-200
Information Exposure
|
CVE-2008-6872
|
2017-09-29 10:33 |
2009-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293035
|
- |
|
activewebsoftwares
|
active_web_mail
|
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) …
|
CWE-89
SQL Injection
|
CVE-2008-6873
|
2017-09-29 10:33 |
2009-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293036
|
- |
|
aspsiteware
|
autodealer
|
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
|
CWE-89
SQL Injection
|
CVE-2008-6874
|
2017-09-29 10:33 |
2009-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293037
|
- |
|
joompolitan
|
com_livechat
|
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2…
|
CWE-89
SQL Injection
|
CVE-2008-6881
|
2017-09-29 10:33 |
2009-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293038
|
- |
|
joompolitan
|
com_livechat
|
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET …
|
CWE-20
Improper Input Validation
|
CVE-2008-6882
|
2017-09-29 10:33 |
2009-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293039
|
- |
|
joompolitan
|
com_livechat
|
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the p…
|
CWE-89
SQL Injection
|
CVE-2008-6883
|
2017-09-29 10:33 |
2009-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293040
|
- |
|
xoops
|
xoops
|
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfi…
|
CWE-22
Path Traversal
|
CVE-2008-6884
|
2017-09-29 10:33 |
2009-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
