|
259731
|
- |
|
exbb
|
exbb_italia
|
Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to i…
|
CWE-22
Path Traversal
|
CVE-2008-1861
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259732
|
- |
|
exbb
|
exbb_italia
|
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables…
|
CWE-94
CWE-20
Code Injection
Improper Input Validation
|
CVE-2008-1862
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259733
|
- |
|
prozilla
|
cheats
|
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1863
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259734
|
- |
|
prozilla
|
prozilla_freelancers
|
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1864
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259735
|
- |
|
pixel_motion
|
pixel_motion_blog
|
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is…
|
CWE-94
Code Injection
|
CVE-2008-1866
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259736
|
- |
|
pixel_motion
|
pixel_motion_blog
|
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include…
|
CWE-89
SQL Injection
|
CVE-2008-1867
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259737
|
- |
|
pixel_motion
|
pixel_motion_blog
|
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql fi…
|
CWE-287
Improper Authentication
|
CVE-2008-1868
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259738
|
- |
|
site_sift_media
|
site_sift_listings
|
SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-speci…
|
CWE-89
SQL Injection
|
CVE-2008-1869
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259739
|
- |
|
geek247
|
pigmy-sql
|
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1870
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259740
|
- |
|
scriptsagent
|
links_directory
|
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
CWE-89
SQL Injection
|
CVE-2008-1871
|
2017-09-29 10:30 |
2008-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
