|
256671
|
- |
|
aspapps
|
template_creature
|
SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5950
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256672
|
- |
|
aspapps
|
template_creature
|
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/tem…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5951
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256673
|
- |
|
ktp_computer_customer_database
|
ktp_computer_customer_database
|
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid paramete…
|
CWE-89
SQL Injection
|
CVE-2008-5952
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256674
|
- |
|
ktp_computer_customer_database
|
ktp_computer_customer_database
|
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot…
|
CWE-22
Path Traversal
|
CVE-2008-5953
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256675
|
- |
|
phpstreet
|
webboard
|
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5955
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256676
|
- |
|
phpstreet
|
webboard
|
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct reque…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5956
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256677
|
- |
|
activewebsoftwares
|
active_test
|
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiz…
|
CWE-89
SQL Injection
|
CVE-2008-5958
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256678
|
- |
|
active_web_softwares
|
active_test
|
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password pa…
|
CWE-89
SQL Injection
|
CVE-2008-5959
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256679
|
- |
|
gravity-gtd
|
gravity-gtd
|
Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot do…
|
CWE-22
Path Traversal
|
CVE-2008-5962
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256680
|
- |
|
gravity-gtd
|
gravity-gtd
|
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
|
CWE-20
Improper Input Validation
|
CVE-2008-5963
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
