|
291621
|
- |
|
robs-projects
|
asp_user_engine.net
|
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6494
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291622
|
- |
|
visagesoft
|
expert_pdf_editorx
|
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary fil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6496
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291623
|
- |
|
apachefriends
|
xampp
|
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess…
|
CWE-352
Origin Validation Error
|
CVE-2008-6498
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291624
|
- |
|
apachefriends
|
xampp
|
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMO…
|
CWE-94
Code Injection
|
CVE-2008-6499
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291625
|
- |
|
prochatrooms
|
pro_chat_rooms
|
Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6501
|
2017-09-29 10:33 |
2009-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291626
|
- |
|
prochatrooms
|
pro_chat_rooms
|
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause …
|
CWE-22
Path Traversal
|
CVE-2008-6502
|
2017-09-29 10:33 |
2009-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291627
|
- |
|
aphpkb
|
aphpkb
|
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then …
|
CWE-94
Code Injection
|
CVE-2008-6513
|
2017-09-29 10:33 |
2009-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291628
|
- |
|
vidiscript
|
vidiscript
|
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing…
|
CWE-94
Code Injection
|
CVE-2008-6518
|
2017-09-29 10:33 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291629
|
- |
|
imatix
|
xitami
|
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary co…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2008-6519
|
2017-09-29 10:33 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291630
|
- |
|
cale_dunlap
|
openinvoice
|
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerabi…
|
CWE-287
Improper Authentication
|
CVE-2008-6523
|
2017-09-29 10:33 |
2009-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
