|
256731
|
- |
|
mhfmedia
|
ads_pro
|
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pa…
|
CWE-20
Improper Input Validation
|
CVE-2008-6826
|
2017-09-29 10:33 |
2009-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256732
|
- |
|
vicftps
|
vicftps
|
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issu…
|
CWE-20
Improper Input Validation
|
CVE-2008-6829
|
2017-09-29 10:33 |
2009-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256733
|
- |
|
fuzzylime
|
fuzzylime_\(cms\)
|
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for …
|
CWE-22
Path Traversal
|
CVE-2008-6833
|
2017-09-29 10:33 |
2009-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256734
|
- |
|
fuzzylime
|
fuzzylime_\(cms\)
|
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/co…
|
CWE-22
Path Traversal
|
CVE-2008-6834
|
2017-09-29 10:33 |
2009-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256735
|
- |
|
gmitc
|
com_dbquery
|
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to e…
|
CWE-94
Code Injection
|
CVE-2008-6841
|
2017-09-29 10:33 |
2009-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256736
|
- |
|
pluck-cms
|
pluck
|
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post paramet…
|
CWE-22
Path Traversal
|
CVE-2008-6842
|
2017-09-29 10:33 |
2009-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256737
|
- |
|
ez
|
ez_publish
|
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6844
|
2017-09-29 10:33 |
2009-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256738
|
- |
|
w2b
|
phpgreetcards
|
Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6848
|
2017-09-29 10:33 |
2009-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256739
|
- |
|
w2b
|
phpgreetcards
|
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via …
|
CWE-94
Code Injection
|
CVE-2008-6849
|
2017-09-29 10:33 |
2009-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256740
|
- |
|
php_link_directory
|
php_link_directory
|
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands…
|
CWE-89
SQL Injection
|
CVE-2008-6851
|
2017-09-29 10:33 |
2009-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
