|
256381
|
- |
|
china-on-site
|
flexphpdirectory
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checku…
|
CWE-89
SQL Injection
|
CVE-2008-6749
|
2017-09-29 10:33 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256382
|
- |
|
china-on-site
|
flexphpdirectory
|
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a…
|
CWE-20
Improper Input Validation
|
CVE-2008-6750
|
2017-09-29 10:33 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256383
|
- |
|
revou
|
tclone
|
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executa…
|
CWE-20
Improper Input Validation
|
CVE-2008-6751
|
2017-09-29 10:33 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256384
|
- |
|
revou
|
revou
|
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the admi…
|
CWE-20
Improper Input Validation
|
CVE-2008-6752
|
2017-09-29 10:33 |
2009-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256385
|
- |
|
china-on-site
|
flexcustomer0.0.6
|
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Da…
|
CWE-94
Code Injection
|
CVE-2008-6761
|
2017-09-29 10:33 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256386
|
- |
|
hypersilence
|
silentum_loginsys
|
login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username.
|
CWE-287
Improper Authentication
|
CVE-2008-6763
|
2017-09-29 10:33 |
2009-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256387
|
- |
|
shopsystem-forum
|
k\&s_shopsoftware
|
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then acce…
|
NVD-CWE-Other
|
CVE-2008-6768
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256388
|
- |
|
peterselie
|
yourplace
|
Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then …
|
NVD-CWE-Other
|
CVE-2008-6769
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256389
|
- |
|
peterselie
|
yourplace
|
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct requ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6770
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256390
|
- |
|
peterselie
|
yourplace
|
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6771
|
2017-09-29 10:33 |
2009-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
