|
256711
|
- |
|
emefa
|
emefa_guestbook
|
Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.md…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5852
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256712
|
- |
|
myphpscripts
|
login_session
|
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email p…
|
CWE-79
Cross-site Scripting
|
CVE-2008-5854
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256713
|
- |
|
myphpscripts
|
login_session
|
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password ha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5855
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256714
|
- |
|
class
|
class
|
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attackers to read arbitrary files via directory traversal sequences in the ftype parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5856
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256715
|
- |
|
constructr
|
constructr-cms
|
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL comm…
|
CWE-89
SQL Injection
|
CVE-2008-5859
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256716
|
- |
|
constructr
|
constructr-cms
|
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or…
|
CWE-22
Path Traversal
|
CVE-2008-5860
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256717
|
- |
|
freelyrics
|
freelyrics
|
Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read arbitrary files via directory traversal sequences in the p parameter. NOTE: some of these details ar…
|
CWE-22
Path Traversal
|
CVE-2008-5861
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256718
|
- |
|
webcamxp
|
webcamxp
|
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
|
CWE-22
Path Traversal
|
CVE-2008-5862
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256719
|
- |
|
v-gn
|
userlocator
|
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user ac…
|
CWE-89
SQL Injection
|
CVE-2008-5863
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256720
|
- |
|
joomlahbs
|
com_tophotelmodule
hotel_booking_reservation_system
|
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL co…
|
CWE-89
SQL Injection
|
CVE-2008-5864
|
2017-09-29 10:32 |
2009-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
