|
285111
|
- |
|
lightneasy
sqlite
|
lightneasy
sqlite
|
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal …
|
CWE-22
Path Traversal
|
CVE-2008-6592
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285112
|
- |
|
lightneasy
sqlite
|
lightneasy
sqlite
|
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.…
|
CWE-89
SQL Injection
|
CVE-2008-6593
|
2018-10-12 05:57 |
2009-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285113
|
- |
|
sitexs_cms
|
sitexs_cms
|
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6617
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285114
|
- |
|
netlab
|
classsystem
|
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop…
|
CWE-89
SQL Injection
|
CVE-2008-6618
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285115
|
- |
|
netlab
|
classsystem
|
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6619
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285116
|
- |
|
lokicms
|
lokicms
|
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration setti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6643
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285117
|
- |
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6644
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285118
|
- |
|
opencosmo
|
visualsentinel
|
Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6645
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285119
|
- |
|
coronamatrix
|
phpaddressbook
|
Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6646
|
2018-10-12 05:57 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285120
|
- |
|
ozerov
|
bigdump
|
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .…
|
NVD-CWE-Other
|
CVE-2008-6660
|
2018-10-12 05:57 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
