Total: 5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6844 | 1 Ez | 1 Ez Publish | 2024-11-21 | N/A |
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters. | ||||
CVE-2008-6799 | 1 Tufat | 1 Flashchat | 2024-11-21 | N/A |
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7." | ||||
CVE-2008-6774 | 1 Peterselie | 1 Yourplace | 2024-11-21 | N/A |
internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2024-11-21 | N/A |
YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | ||||
CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2024-11-21 | N/A |
YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database containing user credentials via a direct request for users.txt. | ||||
CVE-2008-6756 | 2 Gentoo, Zoneminder | 2 Linux, Zoneminder | 2024-11-21 | N/A |
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | ||||
CVE-2008-6755 | 2 Redhat, Zoneminder | 2 Fedora, Zoneminder | 2024-11-21 | N/A |
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script. | ||||
CVE-2008-6747 | 1 Dotproject | 1 Dotproject | 2024-11-21 | N/A |
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-6736 | 1 Circulargenius | 1 Flat Calendar | 2024-11-21 | N/A |
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | ||||
CVE-2008-6701 | 1 Netscout | 2 Ngenius Infinistream, Visualizer | 2024-11-21 | N/A |
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request. | ||||
CVE-2008-6674 | 1 Quickersite | 1 Quickersite | 2024-11-21 | N/A |
mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter. | ||||
CVE-2008-6673 | 1 Quickersite | 1 Quickersite | 2024-11-21 | N/A |
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin action; and (3) modify the site design via the saveDesign action. | ||||
CVE-2008-6650 | 1 Mywebland | 1 Minibloggie | 2024-11-21 | N/A |
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628. | ||||
CVE-2008-6643 | 1 Lokicms | 1 Lokicms | 2024-11-21 | N/A |
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php. | ||||
CVE-2008-6619 | 1 Netlab | 1 Classsystem | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in class/ApplyDB.php in ClassSystem 2.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in class/UploadHomepage/. | ||||
CVE-2008-6617 | 1 Sitexs Cms | 1 Sitexs Cms | 2024-11-21 | N/A |
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | ||||
CVE-2008-6613 | 1 Abweb | 1 Minimal-ablog | 2024-11-21 | N/A |
uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | ||||
CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2024-11-21 | N/A |
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | ||||
CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2024-11-21 | N/A |
cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | ||||
CVE-2008-6580 | 1 Funscripts | 1 Red Reservations | 2024-11-21 | N/A |
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb. |