Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7010 | 1 Skalinks | 1 Exchange Script | 2017-09-29 | 10.0 HIGH | N/A |
| Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php. | |||||
| CVE-2008-6966 | 1 Aj Square | 1 Aj Auction | 2017-09-29 | 7.5 HIGH | N/A |
| AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | |||||
| CVE-2008-6963 | 1 Turnkeyforms | 1 Text Link Sales | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request. | |||||
| CVE-2008-6960 | 1 X10media | 1 X10 Automatic Mp3 Script | 2017-09-29 | 5.0 MEDIUM | N/A |
| download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php. | |||||
| CVE-2008-6957 | 1 Discuz | 1 Discuz\! | 2017-09-29 | 7.5 HIGH | N/A |
| member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | |||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | |||||
| CVE-2008-6932 | 1 Alstrasoft | 1 Sendit | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | |||||
| CVE-2008-6931 | 1 Phpstore | 1 Phpcareers | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | |||||
| CVE-2008-6930 | 1 Phpstore | 1 Real Estate | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | |||||
| CVE-2008-6929 | 1 Phpstore | 1 Auto Classifieds | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | |||||
| CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | |||||
| CVE-2008-6921 | 1 W2b | 1 Phpadboard | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | |||||
| CVE-2008-6920 | 1 W2b | 1 Phpemployment | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. | |||||
| CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | |||||
| CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. | |||||
| CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | |||||
| CVE-2008-6870 | 1 Merlix | 1 Educate Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp. | |||||
| CVE-2008-6869 | 1 Oramon | 1 Oramon | 2017-09-29 | 5.0 MEDIUM | N/A |
| Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini. | |||||
| CVE-2008-6844 | 1 Ez | 1 Ez Publish | 2017-09-29 | 7.5 HIGH | N/A |
| The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | |||||
| CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 5.0 MEDIUM | N/A |
| YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | |||||