Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6930 | 1 Phpstore | 1 Real Estate | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | |||||
CVE-2008-6929 | 1 Phpstore | 1 Auto Classifieds | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | |||||
CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | |||||
CVE-2008-6921 | 1 W2b | 1 Phpadboard | 2017-09-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | |||||
CVE-2008-6920 | 1 W2b | 1 Phpemployment | 2017-09-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. | |||||
CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2017-09-28 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | |||||
CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2017-09-28 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. | |||||
CVE-2008-6871 | 1 Merlix | 1 Educate Server | 2017-09-28 | 5.0 MEDIUM | N/A |
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request. | |||||
CVE-2008-6870 | 1 Merlix | 1 Educate Server | 2017-09-28 | 5.0 MEDIUM | N/A |
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp. | |||||
CVE-2008-6869 | 1 Oramon | 1 Oramon | 2017-09-28 | 5.0 MEDIUM | N/A |
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini. | |||||
CVE-2008-6844 | 1 Ez | 1 Ez Publish | 2017-09-28 | 7.5 HIGH | N/A |
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | |||||
CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2017-09-28 | 5.0 MEDIUM | N/A |
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | |||||
CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2017-09-28 | 5.0 MEDIUM | N/A |
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for users.txt. | |||||
CVE-2008-6650 | 1 Mywebland | 1 Minibloggie | 2017-09-28 | 5.0 MEDIUM | N/A |
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628. | |||||
CVE-2008-6613 | 1 Abweb | 1 Minimal-ablog | 2017-09-28 | 7.5 HIGH | N/A |
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | |||||
CVE-2009-0399 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2017-09-28 | 7.5 HIGH | N/A |
Chipmunk Blogger Script allows remote attackers to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions. | |||||
CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2017-09-28 | 5.0 MEDIUM | N/A |
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. | |||||
CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2017-09-28 | 7.5 HIGH | N/A |
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | |||||
CVE-2008-6496 | 1 Visagesoft | 1 Expert Pdf Editorx | 2017-09-28 | 8.8 HIGH | N/A |
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. | |||||
CVE-2008-6494 | 1 Robs-projects | 1 Asp User Engine.net | 2017-09-28 | 5.0 MEDIUM | N/A |
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. |