|
293741
|
- |
|
ocean12_technologies
|
mailing_list_manager
|
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5980
|
2017-09-29 10:32 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293742
|
- |
|
pacosdrivers
|
pacpoll
|
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5981
|
2017-09-29 10:32 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293743
|
- |
|
jadu
|
jadu_cms_for_government
|
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5988
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293744
|
- |
|
phpcounter
|
phpcounter
|
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot do…
|
CWE-22
Path Traversal
|
CVE-2008-5989
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293745
|
- |
|
eduforge
|
emergecolab
|
Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/i…
|
CWE-22
Path Traversal
|
CVE-2008-5990
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293746
|
- |
|
mailwatch
|
mailwatch
|
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc paramet…
|
CWE-22
Path Traversal
|
CVE-2008-5991
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293747
|
- |
|
jetik
|
jetik_emlak_sistem_a
|
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
|
CWE-89
SQL Injection
|
CVE-2008-5992
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293748
|
- |
|
barcodephp
|
barcodegen_1d
|
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the co…
|
CWE-22
Path Traversal
|
CVE-2008-5993
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293749
|
- |
|
adnforum
|
adnforum
|
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6001
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293750
|
- |
|
web-cp
|
web-cp
|
Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parame…
|
CWE-22
Path Traversal
|
CVE-2008-6002
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
