258581
|
- |
|
ajsquare
|
aj_article
|
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.p…
|
CWE-287
Improper Authentication
|
CVE-2008-7051
|
2017-09-29 10:33 |
2009-08-24 |
|
|
258582
|
- |
|
preprojects
|
pre_real_estate_listings
|
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable exten…
|
CWE-20
Improper Input Validation
|
CVE-2008-7052
|
2017-09-29 10:33 |
2009-08-24 |
|
|
258583
|
- |
|
logmein
|
ractrl.dll
|
LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigg…
|
CWE-399
Resource Management Errors
|
CVE-2008-7053
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258584
|
- |
|
grayscalecms
|
bandsite_cms
|
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7056
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258585
|
- |
|
grayscalecms
|
bandsite_cms
|
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-7057
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258586
|
- |
|
grayscalecms
|
bandsite_cms
|
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
|
CWE-352
Origin Validation Error
|
CVE-2008-7058
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258587
|
- |
|
lovecms
|
lovecms
|
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executab…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7062
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258588
|
- |
|
ocean12tech
|
faq_manager_pro
|
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
|
CWE-200
Information Exposure
|
CVE-2008-7063
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258589
|
- |
|
2enetworx
|
openforum
|
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password paramete…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7066
|
2017-09-29 10:33 |
2009-08-25 |
|
|
258590
|
- |
|
pagetreecms
|
page_tree_cms
|
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config…
|
CWE-94
Code Injection
|
CVE-2008-7067
|
2017-09-29 10:33 |
2009-08-25 |
|
|