Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6293 | 1 Accscripts | 1 Acc Real Estate | 2024-08-07 | N/A |
| admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | ||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2024-08-07 | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | ||||
| CVE-2008-6302 | 1 Turnkeyforms | 1 Local Classifieds | 2024-08-07 | N/A |
| TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | ||||
| CVE-2008-6292 | 1 Accscripts | 1 Acc Autos | 2024-08-07 | N/A |
| Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1." | ||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2024-08-07 | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | ||||
| CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2024-08-07 | N/A |
| Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | ||||
| CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2024-08-07 | N/A |
| EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | ||||
| CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2024-08-07 | N/A |
| Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | ||||
| CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2024-08-07 | N/A |
| ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | ||||
| CVE-2008-6098 | 1 Mozilla | 1 Bugzilla | 2024-08-07 | N/A |
| Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." | ||||
| CVE-2008-6109 | 1 Shelter Manager | 1 Animal Shelter Manager | 2024-08-07 | N/A |
| Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI." | ||||
| CVE-2008-6065 | 1 Oracle | 1 Database Server | 2024-08-07 | N/A |
| Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. | ||||
| CVE-2008-6059 | 1 Webkit | 1 Webkit | 2024-08-07 | N/A |
| xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | ||||
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2024-08-07 | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-6051 | 1 Metalinks | 1 Metacart | 2024-08-07 | N/A |
| MetaCart Free stores metacart.mdb under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords via a direct request. | ||||
| CVE-2008-6054 | 1 Preprojects.com | 1 Pre Courier And Cargo Business | 2024-08-07 | N/A |
| PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-6053 | 1 Preprojects | 1 Pre Resume Submitter | 2024-08-07 | N/A |
| PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-6052 | 1 Preprojects | 1 Pre E-learning Portal | 2024-08-07 | N/A |
| PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | ||||
| CVE-2008-6008 | 1 Herongyang | 1 Hybook | 2024-08-07 | N/A |
| hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb. | ||||
| CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2024-08-07 | N/A |
| Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | ||||