|
256731
|
- |
|
mini-pub
|
mini-pub
|
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5883
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256732
|
- |
|
thenetguys
|
aspired2quote
|
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passw…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5885
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256733
|
- |
|
takempis
|
discussion_web
|
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-5886
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256734
|
- |
|
icash
|
click\&rank
|
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp;…
|
CWE-89
SQL Injection
|
CVE-2008-5888
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256735
|
- |
|
icash
|
click\&rank
|
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5889
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256736
|
- |
|
injader
|
injader
|
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5890
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256737
|
- |
|
icash
|
click\&email
|
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid pa…
|
CWE-89
SQL Injection
|
CVE-2008-5892
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256738
|
- |
|
icash
|
click\&email
|
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
|
CWE-79
Cross-site Scripting
|
CVE-2008-5893
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256739
|
- |
|
mediatheka
|
mediatheka
|
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
CWE-22
Path Traversal
|
CVE-2008-5894
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256740
|
- |
|
mediatheka
|
mediatheka
|
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
|
CWE-89
SQL Injection
|
CVE-2008-5895
|
2017-09-29 10:32 |
2009-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
