|
256751
|
- |
|
brickhost
|
phpscheduleit
|
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
|
CWE-94
Code Injection
|
CVE-2008-6132
|
2017-09-29 10:32 |
2009-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256752
|
- |
|
ozsari
|
full_php_emlak_script
|
SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942.
|
CWE-89
SQL Injection
|
CVE-2008-6133
|
2017-09-29 10:32 |
2009-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256753
|
- |
|
webbiscuits
|
modules_controller
|
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] paramet…
|
CWE-94
Code Injection
|
CVE-2008-6138
|
2017-09-29 10:32 |
2009-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256754
|
- |
|
webbiscuits
|
modules_controller
|
Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
|
CWE-22
Path Traversal
|
CVE-2008-6139
|
2017-09-29 10:32 |
2009-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256755
|
- |
|
china-on-site
|
flexphpic
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) th…
|
CWE-89
SQL Injection
|
CVE-2008-6142
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256756
|
- |
|
owentechkenya
|
owenpoll
|
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
|
CWE-287
Improper Authentication
|
CVE-2008-6143
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256757
|
- |
|
deluxebb
|
deluxebb
|
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete…
|
CWE-89
SQL Injection
|
CVE-2008-6146
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256758
|
- |
|
aspapp
|
forumapp
|
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6147
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256759
|
- |
|
sepcity
|
shopping_mall
|
SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6151
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256760
|
- |
|
sepcity
|
faculty_portal
|
SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer…
|
CWE-89
SQL Injection
|
CVE-2008-6152
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
