|
256461
|
- |
|
kalptaru_infotech
|
stararticles
|
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an e…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7076
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256462
|
- |
|
relative
|
sailplanner
|
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
|
CWE-89
SQL Injection
|
CVE-2008-7077
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256463
|
- |
|
nero
|
showtime
|
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-7079
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256464
|
- |
|
phpclassifiedsscript
|
php_classifieds_script
|
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7080
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256465
|
- |
|
revou
|
micro_blogging_twitter_clone
|
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
|
CWE-89
SQL Injection
|
CVE-2008-7083
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256466
|
- |
|
thehockeystop
|
hockeystats_online
|
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage act…
|
CWE-89
SQL Injection
|
CVE-2008-7085
|
2017-09-29 10:33 |
2009-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256467
|
- |
|
maianscriptworld
|
maian_greetings
|
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
|
CWE-287
Improper Authentication
|
CVE-2008-7086
|
2017-09-29 10:33 |
2009-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256468
|
- |
|
photopost
|
photopost_vbgallery
|
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed…
|
CWE-20
Improper Input Validation
|
CVE-2008-7088
|
2017-09-29 10:33 |
2009-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256469
|
- |
|
qsoft-inc
|
k-rate
|
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] va…
|
CWE-89
SQL Injection
|
CVE-2008-7097
|
2017-09-29 10:33 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256470
|
- |
|
qsoft-inc
|
k-rate
|
Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers to inject arbitrary web script or HTML via the blog, possibly the (1) Title and (2) Text fields; (3)…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7098
|
2017-09-29 10:33 |
2009-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
