|
256651
|
- |
|
tigris
|
websvn
|
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INF…
|
CWE-79
Cross-site Scripting
|
CVE-2008-5918
|
2017-09-29 10:32 |
2009-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256652
|
- |
|
tigris
|
websvn
|
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in th…
|
CWE-22
Path Traversal
|
CVE-2008-5919
|
2017-09-29 10:32 |
2009-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256653
|
- |
|
tigris
|
websvn
|
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
|
CWE-94
Code Injection
|
CVE-2008-5920
|
2017-09-29 10:32 |
2009-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256654
|
- |
|
tigris
|
websvn
|
Patch information - http://websvn.tigris.org/
|
CWE-94
Code Injection
|
CVE-2008-5920
|
2017-09-29 10:32 |
2009-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256655
|
- |
|
umerinc
|
songs_portal
|
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5921
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256656
|
- |
|
asp-dev
|
internal_e-mail_system
|
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) …
|
CWE-89
SQL Injection
|
CVE-2008-5926
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256657
|
- |
|
china-on-site
|
flexphpnews
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2)…
|
CWE-89
SQL Injection
|
CVE-2008-5927
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256658
|
- |
|
flds-script
|
flds
|
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5928
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256659
|
- |
|
vpasp
|
vp-asp_shopping_cart
|
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5929
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256660
|
- |
|
the_net_guys
|
aspired2blog
|
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5930
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
