|
257141
|
- |
|
ezwebalbum
|
ezwebalbum
|
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
|
CWE-287
Improper Authentication
|
CVE-2008-3292
|
2017-09-29 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257142
|
- |
|
tuxplanet
|
bilboblog
|
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num paramet…
|
CWE-89
SQL Injection
|
CVE-2008-3302
|
2017-09-29 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257143
|
- |
|
tuxplanet
|
bilboblog
|
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-3303
|
2017-09-29 10:31 |
2008-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257144
|
- |
|
carlos_desseno
|
youtube_blog
|
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-3305
|
2017-09-29 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257145
|
- |
|
youtube_blog
|
youtube_blog
|
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
|
CWE-89
SQL Injection
|
CVE-2008-3307
|
2017-09-29 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257146
|
- |
|
carlos_desseno
|
youtube_blog
|
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in…
|
CWE-94
Code Injection
|
CVE-2008-3308
|
2017-09-29 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257147
|
- |
|
digiappz
|
digileave
|
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3309
|
2017-09-29 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257148
|
- |
|
preproject
|
pre_survey_poll
|
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
CWE-89
SQL Injection
|
CVE-2008-3310
|
2017-09-29 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257149
|
- |
|
maian_script_world
|
maian_search
|
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
|
CWE-287
Improper Authentication
|
CVE-2008-3317
|
2017-09-29 10:31 |
2008-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257150
|
- |
|
mantis
|
mantis
|
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-3331
|
2017-09-29 10:31 |
2008-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
