|
258721
|
- |
|
openautoclassifieds
|
open_auto_classifieds
|
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to …
|
CWE-89
SQL Injection
|
CVE-2008-6656
|
2017-09-29 10:33 |
2009-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258722
|
- |
|
simple_machines
|
simple_machines_forum
|
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for r…
|
CWE-352
Origin Validation Error
|
CVE-2008-6657
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258723
|
- |
|
simple_machines
|
simple_machines_forum
|
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary dire…
|
CWE-22
Path Traversal
|
CVE-2008-6658
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258724
|
- |
|
simple_machines
|
simple_machines_forum
|
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution…
|
CWE-22
Path Traversal
|
CVE-2008-6659
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258725
|
- |
|
phpauctions
|
phpauctions
|
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different v…
|
CWE-89
SQL Injection
|
CVE-2008-6663
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258726
|
- |
|
anantasoft
|
ananta_cms
|
change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.
|
CWE-94
Code Injection
|
CVE-2008-6665
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258727
|
- |
|
marc_melvin
|
a\+_php_scripts_news_management_system
|
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
|
CWE-287
Improper Authentication
|
CVE-2008-6667
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258728
|
- |
|
dirk_bartley
|
nweb2fax
|
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename p…
|
CWE-22
Path Traversal
|
CVE-2008-6668
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258729
|
- |
|
dirk_bartley
|
nweb2fax
|
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
|
CWE-78
OS Command
|
CVE-2008-6669
|
2017-09-29 10:33 |
2009-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258730
|
- |
|
yourfreeworld
|
apartment_search_script
|
Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6683
|
2017-09-29 10:33 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
