Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6506 | 1 Phpbb | 1 Phpbb | 2024-08-07 | N/A |
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. | ||||
CVE-2008-6617 | 1 Sitexs Cms | 1 Sitexs Cms | 2024-08-07 | N/A |
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | ||||
CVE-2008-6603 | 1 Moinmo | 1 Moinmoin | 2024-08-07 | N/A |
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | ||||
CVE-2008-6540 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-08-07 | N/A |
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys. | ||||
CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2024-08-07 | N/A |
The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920. | ||||
CVE-2008-6535 | 1 Paypalestores | 1 Paypal Estores | 2024-08-07 | N/A |
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter. | ||||
CVE-2008-6496 | 1 Visagesoft | 1 Expert Pdf Editorx | 2024-08-07 | N/A |
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. | ||||
CVE-2008-6493 | 1 Easy-news | 1 Easy Content Management Publishing | 2024-08-07 | N/A |
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb. | ||||
CVE-2008-6494 | 1 Robs-projects | 1 Asp User Engine.net | 2024-08-07 | N/A |
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. | ||||
CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2024-08-07 | N/A |
MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | ||||
CVE-2008-6382 | 1 Aspportal | 1 Aspportal | 2024-08-07 | N/A |
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to ASPPortal.mdb. | ||||
CVE-2008-6388 | 1 4u2ges | 1 Rapid Classified | 2024-08-07 | N/A |
Rapid Classified 3.1 and 3.15 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to cldb.mdb. | ||||
CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2024-08-07 | N/A |
The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | ||||
CVE-2008-6291 | 1 Accscripts | 1 Acc Php Email | 2024-08-07 | N/A |
Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin". | ||||
CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2024-08-07 | N/A |
CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | ||||
CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2024-08-07 | N/A |
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | ||||
CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2024-08-07 | N/A |
The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | ||||
CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2024-08-07 | N/A |
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | ||||
CVE-2008-6375 | 1 Nexusjnr | 1 Jbook | 2024-08-07 | N/A |
JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | ||||
CVE-2008-6296 | 1 Maran | 1 Php Shop | 2024-08-07 | N/A |
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo." |