|
256641
|
- |
|
icash
|
click\&email
|
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5893
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256642
|
- |
|
mediatheka
|
mediatheka
|
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5894
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256643
|
- |
|
mediatheka
|
mediatheka
|
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5895
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256644
|
- |
|
codeavalanche
|
ratemysite
|
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator pas…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5896
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256645
|
- |
|
codeavalanche
|
freewallpaper
|
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5897
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256646
|
- |
|
codeavalanche
|
directory
|
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator pass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5898
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256647
|
- |
|
codeavalanche
|
freeforall
|
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator pas…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5899
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256648
|
- |
|
codeavalanche
|
articles
|
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator passw…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5900
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256649
|
- |
|
iyziforum
|
iyzi_forum
|
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5901
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256650
|
- |
|
mozilla
|
firefox
seamonkey
|
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only…
|
NVD-CWE-Other
|
CVE-2008-5913
|
2017-09-29 10:32 |
2009-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
