|
258331
|
- |
|
sami_ekblad
|
page_manager
|
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7167
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258332
|
- |
|
jabode
|
com_jabode
|
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
|
CWE-89
SQL Injection
|
CVE-2008-7169
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258333
|
- |
|
yanick_bourbeau
|
lightweight_news_portal
|
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, …
|
CWE-79
Cross-site Scripting
|
CVE-2008-7171
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258334
|
- |
|
yanick_bourbeau
|
lightweight_news_portal
|
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php wi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7172
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258335
|
- |
|
celina_jorge
|
facil_cms
|
Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) change_lang parameter to index.php or (2) modload paramete…
|
CWE-22
Path Traversal
|
CVE-2008-7176
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258336
|
- |
|
xoops
|
uploader
|
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
|
CWE-22
Path Traversal
|
CVE-2008-7178
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258337
|
- |
|
otmanager
|
otmanager_cms
|
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in…
|
CWE-287
Improper Authentication
|
CVE-2008-7179
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258338
|
- |
|
rittwick_banerjee
|
telephone_directory_2008
|
del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
|
CWE-20
Improper Input Validation
|
CVE-2008-7180
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258339
|
- |
|
butterflymedia
|
butterfly_organizer
|
Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) dele…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7181
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258340
|
- |
|
netwin
|
surgemail
|
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arb…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-7182
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
