|
257831
|
- |
|
dazzlindonna
|
postecards
|
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5559
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257832
|
- |
|
dazzlindonna
|
postecards
|
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5560
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257833
|
- |
|
netref
|
netref
|
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
|
CWE-89
SQL Injection
|
CVE-2008-5561
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257834
|
- |
|
aspapps
|
aspportal
|
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5562
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257835
|
- |
|
dinkumsoft
|
dl_paycart
|
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the N…
|
CWE-352
Origin Validation Error
|
CVE-2008-5565
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257836
|
- |
|
phpmultiplenewsletters
|
phpmultiplenewsletters
|
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5566
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257837
|
- |
|
bonzacart
|
bonza_cart
|
Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with th…
|
CWE-352
Origin Validation Error
|
CVE-2008-5567
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257838
|
- |
|
ipn-mate
|
ipn_pro_3
|
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the ad…
|
CWE-352
Origin Validation Error
|
CVE-2008-5568
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257839
|
- |
|
php_multiple_newsletters
|
php_multiple_newsletters
|
Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot d…
|
CWE-22
Path Traversal
|
CVE-2008-5570
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257840
|
- |
|
dotnetindex
|
professional_download_assistant
|
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2)…
|
CWE-89
SQL Injection
|
CVE-2008-5571
|
2017-09-29 10:32 |
2008-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
