|
256661
|
- |
|
the_net_guys
|
aspired2blog
|
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5931
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256662
|
- |
|
codeavalanche
|
freeforum
|
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a dir…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5932
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256663
|
- |
|
cmsisweb
|
cms_isweb
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for…
|
CWE-79
Cross-site Scripting
|
CVE-2008-5933
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256664
|
- |
|
cmsisweb
|
cms_isweb
|
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5934
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256665
|
- |
|
mini-pub
|
mini-pub
|
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
|
CWE-200
Information Exposure
|
CVE-2008-5936
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256666
|
- |
|
zkesoft
|
ayeview
|
AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values.
|
CWE-20
Improper Input Validation
|
CVE-2008-5937
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256667
|
- |
|
modxcms
|
modxcms
|
PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary…
|
CWE-94
Code Injection
|
CVE-2008-5938
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256668
|
- |
|
modxcms
|
modxcms
|
Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, poss…
|
CWE-79
Cross-site Scripting
|
CVE-2008-5939
|
2017-09-29 10:32 |
2009-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256669
|
- |
|
bncwi
|
bncwi
|
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5948
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256670
|
- |
|
tiddlywiki
|
cctiddly
|
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/pr…
|
CWE-94
Code Injection
|
CVE-2008-5949
|
2017-09-29 10:32 |
2009-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
