|
258731
|
- |
|
yourfreeworld
|
apartment_search_script
|
Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header,…
|
CWE-20
Improper Input Validation
|
CVE-2008-6684
|
2017-09-29 10:33 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258732
|
- |
|
butterflymedia
|
butterfly_organizer
|
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable p…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6700
|
2017-09-29 10:33 |
2009-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258733
|
- |
|
preprojects
|
pre_ads_portal
|
Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2008-6715
|
2017-09-29 10:33 |
2009-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258734
|
- |
|
preprojects
|
pre_ads_portal
|
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
|
CWE-287
Improper Authentication
|
CVE-2008-6716
|
2017-09-29 10:33 |
2009-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258735
|
- |
|
uochm
|
signup
|
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct reques…
|
CWE-287
Improper Authentication
|
CVE-2008-6717
|
2017-09-29 10:33 |
2009-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258736
|
- |
|
uochm
|
justbookit
|
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to…
|
CWE-287
Improper Authentication
|
CVE-2008-6718
|
2017-09-29 10:33 |
2009-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258737
|
- |
|
uochm
|
justlistit
|
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via …
|
CWE-287
Improper Authentication
|
CVE-2008-6719
|
2017-09-29 10:33 |
2009-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258738
|
- |
|
deltascripts
|
php_links
|
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin …
|
CWE-89
SQL Injection
|
CVE-2008-6720
|
2017-09-29 10:33 |
2009-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258739
|
- |
|
ajsquare
|
aj_article
|
SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field).
|
CWE-89
SQL Injection
|
CVE-2008-6721
|
2017-09-29 10:33 |
2009-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258740
|
- |
|
turnkeyforms
|
entertainment_portal
|
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
|
CWE-287
Improper Authentication
|
CVE-2008-6723
|
2017-09-29 10:33 |
2009-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
