|
256591
|
- |
|
turnkeyforms
|
web_hosting_directory
|
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6940
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256592
|
- |
|
turnkeyforms
|
web_hosting_directory
|
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
|
CWE-89
SQL Injection
|
CVE-2008-6941
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256593
|
- |
|
scriptsfeed
|
realtor_classifieds_system
|
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an …
|
CWE-20
Improper Input Validation
|
CVE-2008-6942
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256594
|
- |
|
scriptsfeed
|
recipes_listing_portal
|
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe p…
|
CWE-20
Improper Input Validation
|
CVE-2008-6943
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256595
|
- |
|
scriptsfeed
|
auto_classifieds
|
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, …
|
CWE-20
Improper Input Validation
|
CVE-2008-6944
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256596
|
- |
|
webhost-panel
|
bankoi_webhosting_control_panel
|
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
|
CWE-89
SQL Injection
|
CVE-2008-6950
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256597
|
- |
|
cms.maury91
|
maurycms
|
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary fil…
|
CWE-287
Improper Authentication
|
CVE-2008-6951
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256598
|
- |
|
cms.maury91
|
maurycms
|
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6952
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256599
|
- |
|
infireal
|
mxcamarchive
|
mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for…
|
CWE-200
Information Exposure
|
CVE-2008-6955
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256600
|
- |
|
infireal
|
mxcamarchive
|
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description para…
|
CWE-94
Code Injection
|
CVE-2008-6956
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
