|
256831
|
- |
|
easy-script
|
myforum
|
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal se…
|
CWE-22
Path Traversal
|
CVE-2008-4780
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256832
|
- |
|
easy-script
|
myktools
|
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
|
CWE-22
Path Traversal
|
CVE-2008-4781
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256833
|
- |
|
aiocp
|
aiocp
|
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4782
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256834
|
- |
|
easy-script
|
tlads
|
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."
|
CWE-287
Improper Authentication
|
CVE-2008-4783
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256835
|
- |
|
aflog
|
aflog
|
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php…
|
CWE-287
Improper Authentication
|
CVE-2008-4784
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256836
|
- |
|
e107
|
alternate_profiles_plugin
|
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4785
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256837
|
- |
|
e107
|
easyshop_plugin
|
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-4786
|
2017-09-29 10:32 |
2008-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256838
|
- |
|
sepal
|
spboard
|
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
|
NVD-CWE-noinfo
|
CVE-2008-4873
|
2017-09-29 10:32 |
2008-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256839
|
- |
|
mywebcards
|
webcards
|
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these det…
|
CWE-89
SQL Injection
|
CVE-2008-4877
|
2017-09-29 10:32 |
2008-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256840
|
- |
|
mywebcards
|
webcards
|
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable ext…
|
CWE-20
Improper Input Validation
|
CVE-2008-4878
|
2017-09-29 10:32 |
2008-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
