|
257231
|
- |
|
jetik
|
jetik_emlak_sistem_a
|
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
|
CWE-89
SQL Injection
|
CVE-2008-5992
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257232
|
- |
|
barcodephp
|
barcodegen_1d
|
Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the co…
|
CWE-22
Path Traversal
|
CVE-2008-5993
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257233
|
- |
|
adnforum
|
adnforum
|
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6001
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257234
|
- |
|
web-cp
|
web-cp
|
Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parame…
|
CWE-22
Path Traversal
|
CVE-2008-6002
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257235
|
- |
|
aj_square
|
aj_auction
|
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6003
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257236
|
- |
|
aj_square
|
aj_auction
|
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2008-6004
|
2017-09-29 10:32 |
2009-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257237
|
- |
|
minbank
|
micronation_banking_system
|
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb…
|
CWE-94
Code Injection
|
CVE-2008-6006
|
2017-09-29 10:32 |
2009-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257238
|
- |
|
quidascript
|
bookmarks_favourites_script
|
SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6007
|
2017-09-29 10:32 |
2009-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257239
|
- |
|
sg_real_estate_portal
|
sg_real_estate_portal
|
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2008-6009
|
2017-09-29 10:32 |
2009-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257240
|
- |
|
sg_real_estate_portal
|
sg_real_estate_portal
|
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.ph…
|
CWE-22
Path Traversal
|
CVE-2008-6010
|
2017-09-29 10:32 |
2009-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
