|
257131
|
- |
|
ocean12_technologies
|
mailing_list_manager
|
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
|
CWE-89
SQL Injection
|
CVE-2008-5978
|
2017-09-29 10:32 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257132
|
- |
|
ocean12_technologies
|
mailing_list_manager
|
Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5979
|
2017-09-29 10:32 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257133
|
- |
|
ocean12_technologies
|
mailing_list_manager
|
Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5980
|
2017-09-29 10:32 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257134
|
- |
|
pacosdrivers
|
pacpoll
|
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5981
|
2017-09-29 10:32 |
2009-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257135
|
- |
|
jadu
|
jadu_cms_for_government
|
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5988
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257136
|
- |
|
phpcounter
|
phpcounter
|
Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot do…
|
CWE-22
Path Traversal
|
CVE-2008-5989
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257137
|
- |
|
eduforge
|
emergecolab
|
Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/i…
|
CWE-22
Path Traversal
|
CVE-2008-5990
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257138
|
- |
|
mailwatch
|
mailwatch
|
Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc paramet…
|
CWE-22
Path Traversal
|
CVE-2008-5991
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257139
|
- |
|
jetik
|
jetik_emlak_sistem_a
|
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
|
CWE-89
SQL Injection
|
CVE-2008-5992
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257140
|
- |
|
barcodephp
|
barcodegen_1d
|
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the co…
|
CWE-22
Path Traversal
|
CVE-2008-5993
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
