|
256571
|
- |
|
huseyin_bora_abaci
|
com_myalbum
|
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2008-6489
|
2017-09-29 10:33 |
2009-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256572
|
- |
|
flysforum
|
flaber
|
function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for…
|
CWE-20
Improper Input Validation
|
CVE-2008-6490
|
2017-09-29 10:33 |
2009-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256573
|
- |
|
tizag
|
tizag_countdown_creator
|
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, th…
|
CWE-20
Improper Input Validation
|
CVE-2008-6492
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256574
|
- |
|
easy-news
|
easy_content_management_publishing
|
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6493
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256575
|
- |
|
robs-projects
|
asp_user_engine.net
|
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6494
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256576
|
- |
|
visagesoft
|
expert_pdf_editorx
|
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary fil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6496
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256577
|
- |
|
apachefriends
|
xampp
|
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess…
|
CWE-352
Origin Validation Error
|
CVE-2008-6498
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256578
|
- |
|
apachefriends
|
xampp
|
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMO…
|
CWE-94
Code Injection
|
CVE-2008-6499
|
2017-09-29 10:33 |
2009-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256579
|
- |
|
prochatrooms
|
pro_chat_rooms
|
Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6501
|
2017-09-29 10:33 |
2009-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256580
|
- |
|
prochatrooms
|
pro_chat_rooms
|
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause …
|
CWE-22
Path Traversal
|
CVE-2008-6502
|
2017-09-29 10:33 |
2009-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
