Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2024-08-07 | N/A |
PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | ||||
CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2024-08-07 | N/A |
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5929 | 1 Vpasp | 1 Vp-asp Shopping Cart | 2024-08-07 | N/A |
VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2024-08-07 | N/A |
Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | ||||
CVE-2008-5916 | 1 Git | 1 Git | 2024-08-07 | N/A |
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. | ||||
CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2024-08-07 | N/A |
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | ||||
CVE-2008-5931 | 1 The Net Guys | 1 Aspired2blog | 2024-08-07 | N/A |
The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2024-08-07 | N/A |
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2024-08-07 | N/A |
iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2024-08-07 | N/A |
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5885 | 1 Thenetguys | 1 Aspired2quote | 2024-08-07 | N/A |
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2024-08-07 | N/A |
ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | ||||
CVE-2008-5935 | 1 Factosystem | 1 Factosystem Weblog | 2024-08-07 | N/A |
Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5905 | 1 Ktorrent | 1 Ktorrent | 2024-08-07 | N/A |
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request. | ||||
CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2024-08-07 | N/A |
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2024-08-07 | N/A |
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2024-08-07 | N/A |
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2024-08-07 | N/A |
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-5873 | 1 Yerba | 1 Yerba | 2024-08-07 | N/A |
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username. | ||||
CVE-2008-5855 | 1 Myphpscripts | 1 Login Session | 2024-08-07 | N/A |
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt. |