|
258621
|
- |
|
docebo
|
docebo
|
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.p…
|
CWE-200
Information Exposure
|
CVE-2008-7154
|
2017-09-29 10:33 |
2009-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258622
|
- |
|
ekinboard
|
ekinboard
|
EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrat…
|
CWE-287
Improper Authentication
|
CVE-2008-7156
|
2017-09-29 10:33 |
2009-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258623
|
- |
|
ekinboard
|
ekinboard
|
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe ext…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7157
|
2017-09-29 10:33 |
2009-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258624
|
- |
|
sinecms
|
sinecms
|
Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via…
|
CWE-22
Path Traversal
|
CVE-2008-7163
|
2017-09-29 10:33 |
2009-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258625
|
- |
|
sami_ekblad
|
page_manager
|
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7167
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258626
|
- |
|
jabode
|
com_jabode
|
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
|
CWE-89
SQL Injection
|
CVE-2008-7169
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258627
|
- |
|
yanick_bourbeau
|
lightweight_news_portal
|
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, …
|
CWE-79
Cross-site Scripting
|
CVE-2008-7171
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258628
|
- |
|
yanick_bourbeau
|
lightweight_news_portal
|
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php wi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7172
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258629
|
- |
|
celina_jorge
|
facil_cms
|
Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) change_lang parameter to index.php or (2) modload paramete…
|
CWE-22
Path Traversal
|
CVE-2008-7176
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258630
|
- |
|
xoops
|
uploader
|
Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php.
|
CWE-22
Path Traversal
|
CVE-2008-7178
|
2017-09-29 10:33 |
2009-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
