|
256501
|
- |
|
comsenz
|
crossday_discuz\!_board
|
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
|
CWE-94
Code Injection
|
CVE-2008-6958
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256502
|
- |
|
chilkatsoft
|
chilkat_socket
|
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastE…
|
NVD-CWE-Other
|
CVE-2008-6959
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256503
|
- |
|
x10media
|
x10_automatic_mp3_script
|
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6960
|
2017-09-29 10:33 |
2009-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256504
|
- |
|
turnkeyforms
|
text_link_sales
|
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6963
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256505
|
- |
|
x7_group
|
x7_chat
|
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
|
CWE-89
SQL Injection
|
CVE-2008-6964
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256506
|
- |
|
aj_square
|
aj_auction
|
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass au…
|
CWE-287
Improper Authentication
|
CVE-2008-6965
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256507
|
- |
|
aj_square
|
aj_auction
|
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6966
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256508
|
- |
|
simplemachines
|
smf
|
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidd…
|
CWE-255
Credentials Management
|
CVE-2008-6971
|
2017-09-29 10:33 |
2009-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256509
|
- |
|
dd-wrt
|
dd-wrt
|
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execut…
|
CWE-352
Origin Validation Error
|
CVE-2008-6974
|
2017-09-29 10:33 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256510
|
- |
|
dd-wrt
|
dd-wrt
|
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary …
|
CWE-352
Origin Validation Error
|
CVE-2008-6975
|
2017-09-29 10:33 |
2009-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
