|
256531
|
- |
|
freshscripts
|
fresh_email_script
|
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
|
CWE-94
Code Injection
|
CVE-2008-7042
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256532
|
- |
|
freshscripts
|
fresh_email_script
|
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. N…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7043
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256533
|
- |
|
ajsquare
|
free_polling_script
|
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
|
CWE-89
SQL Injection
|
CVE-2008-7044
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256534
|
- |
|
ajsquare
|
free_polling_script
|
AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.
|
CWE-287
Improper Authentication
|
CVE-2008-7045
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256535
|
- |
|
natterchat
|
natterchat
|
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
|
CWE-287
Improper Authentication
|
CVE-2008-7047
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256536
|
- |
|
natterchat
|
natterchat
|
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPas…
|
CWE-89
SQL Injection
|
CVE-2008-7049
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256537
|
- |
|
ajsquare
|
aj_article
|
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.p…
|
CWE-287
Improper Authentication
|
CVE-2008-7051
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256538
|
- |
|
preprojects
|
pre_real_estate_listings
|
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable exten…
|
CWE-20
Improper Input Validation
|
CVE-2008-7052
|
2017-09-29 10:33 |
2009-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256539
|
- |
|
logmein
|
ractrl.dll
|
LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigg…
|
CWE-399
Resource Management Errors
|
CVE-2008-7053
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256540
|
- |
|
grayscalecms
|
bandsite_cms
|
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7056
|
2017-09-29 10:33 |
2009-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
