|
256791
|
- |
|
cplinks
|
cplinks
|
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2008-2181
|
2017-09-29 10:31 |
2008-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256792
|
- |
|
toocharger
|
smartblog
|
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.
|
CWE-89
SQL Injection
|
CVE-2008-2183
|
2017-09-29 10:31 |
2008-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256793
|
- |
|
itcms
|
itcms
|
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
|
CWE-94
Code Injection
|
CVE-2008-2192
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256794
|
- |
|
scorpnews
|
scorpnews
|
PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
|
CWE-94
Code Injection
|
CVE-2008-2193
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256795
|
- |
|
deluxebb
|
deluxebb
|
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
|
CWE-89
SQL Injection
|
CVE-2008-2194
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256796
|
- |
|
deluxebb
|
deluxebb
|
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
|
CWE-94
Code Injection
|
CVE-2008-2195
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256797
|
- |
|
miniweb2
|
blog_writer
|
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
|
CWE-89
SQL Injection
|
CVE-2008-2197
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256798
|
- |
|
pbcs
|
project-based_calendaring__system
|
Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/…
|
CWE-22
Path Traversal
|
CVE-2008-2215
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256799
|
- |
|
pbcs
|
project-based_calendaring__system
|
Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-2216
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256800
|
- |
|
mario_valdez
|
content_management_system
|
Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_…
|
CWE-22
Path Traversal
|
CVE-2008-2217
|
2017-09-29 10:31 |
2008-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
