|
256571
|
- |
|
mariovaldez
|
simple_text-file_login_script
|
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5762
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256572
|
- |
|
mariovaldez
|
simple_text-file_login_script
|
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path para…
|
CWE-94
Code Injection
|
CVE-2008-5763
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256573
|
- |
|
2500mhz
|
worksimple
|
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
|
CWE-94
Code Injection
|
CVE-2008-5764
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256574
|
- |
|
2500mhz
|
worksimple
|
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5765
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256575
|
- |
|
fascript
|
faupload
|
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5766
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256576
|
- |
|
gazatem
|
gnews_publisher
|
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5767
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256577
|
- |
|
sirium
|
am_events_module
|
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5768
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256578
|
- |
|
phpweather
|
phpweather
|
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5770
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256579
|
- |
|
phpweather
|
phpweather
|
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5771
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256580
|
- |
|
aspsiteware
|
realtylistings
|
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro para…
|
CWE-89
SQL Injection
|
CVE-2008-5772
|
2017-09-29 10:32 |
2008-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
