Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | ||||
| CVE-2008-6931 | 1 Phpstore | 1 Phpcareers | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | ||||
| CVE-2008-6954 | 1 Michael Dehaan | 1 Cobbler | 2024-08-07 | N/A |
| The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. | ||||
| CVE-2008-7062 | 1 Lovecms | 1 Lovecms | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/. | ||||
| CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | ||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2024-08-07 | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||||
| CVE-2008-7024 | 1 Arzdev | 2 Gemini Lite, Gemini Portal | 2024-08-07 | N/A |
| admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users." | ||||
| CVE-2008-6929 | 1 Phpstore | 1 Auto Classifieds | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | ||||
| CVE-2008-6963 | 1 Turnkeyforms | 1 Text Link Sales | 2024-08-07 | N/A |
| admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request. | ||||
| CVE-2008-6966 | 1 Aj Square | 1 Aj Auction | 2024-08-07 | N/A |
| AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | ||||
| CVE-2008-6957 | 1 Discuz | 1 Discuz\! | 2024-08-07 | N/A |
| member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | ||||
| CVE-2008-7010 | 1 Skalinks | 1 Exchange Script | 2024-08-07 | N/A |
| Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php. | ||||
| CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. | ||||
| CVE-2008-6921 | 1 W2b | 1 Phpadboard | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | ||||
| CVE-2008-6960 | 1 X10media | 1 X10 Automatic Mp3 Script | 2024-08-07 | N/A |
| download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php. | ||||
| CVE-2008-6920 | 1 W2b | 1 Phpemployment | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/. | ||||
| CVE-2008-6930 | 1 Phpstore | 1 Real Estate | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | ||||
| CVE-2008-6932 | 1 Alstrasoft | 1 Sendit | 2024-08-07 | N/A |
| Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | ||||
| CVE-2008-6870 | 1 Merlix | 1 Educate Server | 2024-08-07 | N/A |
| Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp. | ||||
| CVE-2008-6869 | 1 Oramon | 1 Oramon | 2024-08-07 | N/A |
| Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini. | ||||