|
291921
|
- |
|
xoops
|
uploader
|
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
|
CWE-22
Path Traversal
|
CVE-2008-7178
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291922
|
- |
|
otmanager
|
otmanager_cms
|
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in…
|
CWE-287
Improper Authentication
|
CVE-2008-7179
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291923
|
- |
|
rittwick_banerjee
|
telephone_directory_2008
|
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
|
CWE-20
Improper Input Validation
|
CVE-2008-7180
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291924
|
- |
|
butterflymedia
|
butterfly_organizer
|
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) dele…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7181
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291925
|
- |
|
netwin
|
surgemail
|
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arb…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-7182
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291926
|
- |
|
clip-share
|
clipshare
|
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php.…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7188
|
2017-09-29 10:33 |
2009-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291927
|
- |
|
ming_han
|
ajchat
|
directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which pre…
|
CWE-89
SQL Injection
|
CVE-2008-7210
|
2017-09-29 10:33 |
2009-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291928
|
- |
|
elinks
|
elinks
|
Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-7224
|
2017-09-29 10:33 |
2009-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291929
|
- |
|
linuxwebshop
|
php_user_base
|
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template par…
|
CWE-94
CWE-22
Code Injection
Path Traversal
|
CVE-2008-7240
|
2017-09-29 10:33 |
2009-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291930
|
- |
|
talkback
|
talkback
|
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
|
CWE-200
Information Exposure
|
CVE-2008-4115
|
2017-09-29 10:32 |
2008-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
