|
292861
|
- |
|
wh-com
|
com_webhosting
|
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via th…
|
CWE-89
SQL Injection
|
CVE-2008-6653
|
2017-09-29 10:33 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292862
|
- |
|
openautoclassifieds
|
open_auto_classifieds
|
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to …
|
CWE-89
SQL Injection
|
CVE-2008-6656
|
2017-09-29 10:33 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292863
|
- |
|
simple_machines
|
simple_machines_forum
|
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for r…
|
CWE-352
Origin Validation Error
|
CVE-2008-6657
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292864
|
- |
|
simple_machines
|
simple_machines_forum
|
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary dire…
|
CWE-22
Path Traversal
|
CVE-2008-6658
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292865
|
- |
|
simple_machines
|
simple_machines_forum
|
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution…
|
CWE-22
Path Traversal
|
CVE-2008-6659
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292866
|
- |
|
phpauctions
|
phpauctions
|
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different v…
|
CWE-89
SQL Injection
|
CVE-2008-6663
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292867
|
- |
|
anantasoft
|
ananta_cms
|
change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.
|
CWE-94
Code Injection
|
CVE-2008-6665
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292868
|
- |
|
marc_melvin
|
a\+_php_scripts_news_management_system
|
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
|
CWE-287
Improper Authentication
|
CVE-2008-6667
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292869
|
- |
|
dirk_bartley
|
nweb2fax
|
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename p…
|
CWE-22
Path Traversal
|
CVE-2008-6668
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292870
|
- |
|
dirk_bartley
|
nweb2fax
|
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
|
CWE-78
OS Command
|
CVE-2008-6669
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
