|
257801
|
- |
|
quate
|
grape_web_statistics
|
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.
|
CWE-94
Code Injection
|
CVE-2008-1963
|
2017-09-29 10:30 |
2008-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257802
|
- |
|
phphq
|
phshoutbox_final
|
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and ear…
|
CWE-287
Improper Authentication
|
CVE-2008-1971
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257803
|
- |
|
artur_sikora
|
subedit_player
|
Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2008-1973
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257804
|
- |
|
cogites
|
e_reserve
|
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1975
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257805
|
- |
|
wordpress
|
wpss
|
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-1982
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257806
|
- |
|
123flashchat
e107
|
123_flash_chat_module
e107
|
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a …
|
CWE-94
Code Injection
|
CVE-2008-1989
|
2017-09-29 10:30 |
2008-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257807
|
- |
|
qemu
|
qemu
|
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to iden…
|
CWE-200
Information Exposure
|
CVE-2008-2004
|
2017-09-29 10:30 |
2008-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257808
|
- |
|
postnuke_software_foundation
|
postschedule
|
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
|
CWE-89
SQL Injection
|
CVE-2008-2012
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257809
|
- |
|
pnflashgames
|
pnflashgames
|
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the …
|
CWE-89
SQL Injection
|
CVE-2008-2013
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257810
|
- |
|
watchfire
|
appscan
|
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument…
|
CWE-22
Path Traversal
|
CVE-2008-2015
|
2017-09-29 10:30 |
2008-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
