Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 5.0 MEDIUM | N/A |
| YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to a database containing user credentials via a direct request for users.txt. | |||||
| CVE-2008-6650 | 1 Mywebland | 1 Minibloggie | 2017-09-29 | 5.0 MEDIUM | N/A |
| del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628. | |||||
| CVE-2008-6613 | 1 Abweb | 1 Minimal-ablog | 2017-09-29 | 7.5 HIGH | N/A |
| uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | |||||
| CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | |||||
| CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2017-09-29 | 7.5 HIGH | N/A |
| admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | |||||
| CVE-2008-6496 | 1 Visagesoft | 1 Expert Pdf Editorx | 2017-09-29 | 8.8 HIGH | N/A |
| Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. | |||||
| CVE-2008-6494 | 1 Robs-projects | 1 Asp User Engine.net | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. | |||||
| CVE-2008-6493 | 1 Easy-news | 1 Easy Content Management Publishing | 2017-09-29 | 5.0 MEDIUM | N/A |
| Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb. | |||||
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2017-09-29 | 5.0 MEDIUM | N/A |
| Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | |||||
| CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | |||||
| CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2017-09-29 | 5.0 MEDIUM | N/A |
| CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | |||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2017-09-29 | 5.0 MEDIUM | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | |||||
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2017-09-29 | 5.0 MEDIUM | N/A |
| evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | |||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | |||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | |||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2017-09-29 | 5.0 MEDIUM | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | |||||
| CVE-2008-6302 | 1 Turnkeyforms | 1 Local Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | |||||
| CVE-2008-6296 | 1 Maran | 1 Php Shop | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo." | |||||
| CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2017-09-29 | 7.5 HIGH | N/A |
| admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | |||||
| CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2017-09-29 | 7.5 HIGH | N/A |
| admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | |||||