256591
|
- |
|
paypalestores
|
paypal_estores
|
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6535
|
2017-09-29 10:33 |
2009-03-27 |
|
256592
|
- |
|
lightneasy
|
lightneasy
|
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared …
|
CWE-200
Information Exposure
|
CVE-2008-6537
|
2017-09-29 10:33 |
2009-03-30 |
|
256593
|
- |
|
holger_schurig
|
destar
|
DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.
|
CWE-20
Improper Input Validation
|
CVE-2008-6538
|
2017-09-29 10:33 |
2009-03-30 |
|
256594
|
- |
|
holger_schurig
|
destar
|
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a cra…
|
CWE-94
Code Injection
|
CVE-2008-6539
|
2017-09-29 10:33 |
2009-03-30 |
|
256595
|
- |
|
e-vision
|
e-vision_cms
|
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot do…
|
CWE-22
Path Traversal
|
CVE-2008-6551
|
2017-09-29 10:33 |
2009-03-31 |
|
256596
|
- |
|
redhat fedoraproject
|
cluster_project cman rgmanager fedora gfs2-utils
|
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) …
|
CWE-59
Link Following
|
CVE-2008-6552
|
2017-09-29 10:33 |
2009-03-31 |
|
256597
|
- |
|
impliedbydesign
|
micro-cms
|
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative acco…
|
CWE-287
Improper Authentication
|
CVE-2008-6553
|
2017-09-29 10:33 |
2009-03-31 |
|
256598
|
- |
|
sco unixware
|
unixware reliantha
|
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable t…
|
CWE-20
Improper Input Validation
|
CVE-2008-6558
|
2017-09-29 10:33 |
2009-03-31 |
|
256599
|
- |
|
sco
|
reliantha unixware
|
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a fil…
|
CWE-20
Improper Input Validation
|
CVE-2008-6559
|
2017-09-29 10:33 |
2009-03-31 |
|
256600
|
- |
|
funscripts
|
red_reservations
|
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct reques…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6580
|
2017-09-29 10:33 |
2009-04-3 |
|