|
258311
|
- |
|
qsoft-inc
|
k-rate
|
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] va…
|
CWE-89
SQL Injection
|
CVE-2008-7097
|
2017-09-29 10:33 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258312
|
- |
|
qsoft-inc
|
k-rate
|
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3)…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7098
|
2017-09-29 10:33 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258313
|
- |
|
qsoft-inc
|
k-rate
|
Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information …
|
NVD-CWE-noinfo
|
CVE-2008-7099
|
2017-09-29 10:33 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258314
|
- |
|
najdi.si
|
toolbar
|
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-7103
|
2017-09-29 10:33 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258315
|
- |
|
eset
|
smart_security
|
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
|
CWE-20
Improper Input Validation
|
CVE-2008-7107
|
2017-09-29 10:33 |
2009-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258316
|
- |
|
ifusionservices
|
ifdate
|
SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.
|
CWE-89
SQL Injection
|
CVE-2008-7114
|
2017-09-29 10:33 |
2009-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258317
|
- |
|
belkin
|
f5d7632-4
wireless_g_router
|
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct req…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7115
|
2017-09-29 10:33 |
2009-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258318
|
- |
|
webidsupport
|
webid
|
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
|
CWE-89
SQL Injection
|
CVE-2008-7116
|
2017-09-29 10:33 |
2009-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258319
|
- |
|
webidsupport
|
webid
|
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7117
|
2017-09-29 10:33 |
2009-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258320
|
- |
|
webidsupport
|
webid
|
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7118
|
2017-09-29 10:33 |
2009-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
