Total
5449 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6540 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-11-21 | N/A |
| DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys. | ||||
| CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2024-11-21 | N/A |
| admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | ||||
| CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2024-11-21 | N/A |
| The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920. | ||||
| CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2024-11-21 | N/A |
| Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | ||||
| CVE-2008-6496 | 1 Visagesoft | 1 Expert Pdf Editorx | 2024-11-21 | N/A |
| Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. | ||||
| CVE-2008-6494 | 1 Robs-projects | 1 Asp User Engine.net | 2024-11-21 | N/A |
| ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. | ||||
| CVE-2008-6493 | 1 Easy-news | 1 Easy Content Management Publishing | 2024-11-21 | N/A |
| Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb. | ||||
| CVE-2008-6399 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-11-21 | N/A |
| Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors. | ||||
| CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2024-11-21 | N/A |
| Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | ||||
| CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2024-11-21 | N/A |
| ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | ||||
| CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2024-11-21 | N/A |
| JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | ||||
| CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2024-11-21 | N/A |
| CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | ||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2024-11-21 | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | ||||
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2024-11-21 | N/A |
| evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | ||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2024-11-21 | N/A |
| The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | ||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2024-11-21 | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | ||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2024-11-21 | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | ||||
| CVE-2008-6302 | 1 Turnkeyforms | 1 Local Classifieds | 2024-11-21 | N/A |
| TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | ||||
| CVE-2008-6296 | 1 Maran | 1 Php Shop | 2024-11-21 | N/A |
| admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo." | ||||
| CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2024-11-21 | N/A |
| admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | ||||