256601
|
- |
|
php_crawler
|
php_crawler
|
PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the footer_file parameter.
|
CWE-20
Improper Input Validation
|
CVE-2008-4137
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256602
|
- |
|
technote
|
technote
|
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_p…
|
CWE-94
Code Injection
|
CVE-2008-4138
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256603
|
- |
|
x10media
|
.x10_automatic_mp3_script
|
Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/…
|
CWE-94
Code Injection
|
CVE-2008-4141
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256604
|
- |
|
ephpscripts
|
e-php_cms
|
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4142
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256605
|
- |
|
discountedscripts
|
e-gold_script_shop
|
SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action.
|
CWE-89
SQL Injection
|
CVE-2008-4144
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256606
|
- |
|
addalink
|
addalink
|
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id…
|
CWE-89
SQL Injection
|
CVE-2008-4145
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256607
|
- |
|
addalink
|
addalink
|
Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
|
CWE-287
Improper Authentication
|
CVE-2008-4146
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256608
|
- |
|
dieselscripts
|
diesel_joke_site
|
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
|
CWE-89
SQL Injection
|
CVE-2008-4150
|
2017-09-29 10:32 |
2008-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256609
|
- |
|
living-e
|
webedition_cms
|
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4154
|
2017-09-29 10:32 |
2008-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
256610
|
- |
|
easybrik
|
easysite
|
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www…
|
CWE-22
Path Traversal
|
CVE-2008-4155
|
2017-09-29 10:32 |
2008-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|