|
257291
|
- |
|
china-on-site
|
flexphpic
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) th…
|
CWE-89
SQL Injection
|
CVE-2008-6142
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257292
|
- |
|
owentechkenya
|
owenpoll
|
OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie.
|
CWE-287
Improper Authentication
|
CVE-2008-6143
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257293
|
- |
|
deluxebb
|
deluxebb
|
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete…
|
CWE-89
SQL Injection
|
CVE-2008-6146
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257294
|
- |
|
aspapp
|
forumapp
|
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-6147
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257295
|
- |
|
sepcity
|
shopping_mall
|
SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6151
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257296
|
- |
|
sepcity
|
faculty_portal
|
SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer…
|
CWE-89
SQL Injection
|
CVE-2008-6152
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257297
|
- |
|
jayeshp
|
pixel8_web_photo_album
|
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6153
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257298
|
- |
|
hispah
|
text_links_ads
|
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6154
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257299
|
- |
|
formfields
|
adman
|
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
|
CWE-89
SQL Injection
|
CVE-2008-6156
|
2017-09-29 10:32 |
2009-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257300
|
- |
|
bux
|
bux.to_clone_script
|
Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin.
|
CWE-287
Improper Authentication
|
CVE-2008-6162
|
2017-09-29 10:32 |
2009-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
