Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0108 | 1 Phpauctions | 1 Phpauctions | 2017-09-29 | 7.5 HIGH | N/A |
| PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | |||||
| CVE-2008-7056 | 1 Grayscalecms | 1 Bandsite Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request. | |||||
| CVE-2009-0328 | 1 Robs-projects | 1 Digital Sales Ipn | 2017-09-29 | 5.0 MEDIUM | N/A |
| ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb. | |||||
| CVE-2008-6292 | 1 Accscripts | 1 Acc Autos | 2017-09-29 | 7.5 HIGH | N/A |
| Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1." | |||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2017-09-29 | 5.0 MEDIUM | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | |||||
| CVE-2009-0578 | 1 Ubuntu | 1 Ubuntu Linux | 2017-09-29 | 6.2 MEDIUM | N/A |
| GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | |||||
| CVE-2008-7066 | 1 2enetworx | 1 Openforum | 2017-09-29 | 7.5 HIGH | N/A |
| OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters. | |||||
| CVE-2008-7117 | 1 Webidsupport | 1 Webid | 2017-09-29 | 5.0 MEDIUM | N/A |
| eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks. | |||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | |||||
| CVE-2008-6613 | 1 Abweb | 1 Minimal-ablog | 2017-09-29 | 7.5 HIGH | N/A |
| uploader.php in minimal-ablog 0.4 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. | |||||
| CVE-2008-6930 | 1 Phpstore | 1 Real Estate | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | |||||
| CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | |||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2017-09-29 | 5.0 MEDIUM | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | |||||
| CVE-2009-0498 | 1 Minitdesign | 1 Virtual Guestbook | 2017-09-29 | 5.0 MEDIUM | N/A |
| Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb. | |||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | |||||
| CVE-2009-0536 | 1 Ibm | 1 Aix | 2017-09-29 | 4.9 MEDIUM | N/A |
| at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. | |||||
| CVE-2009-0641 | 1 Freebsd | 1 Freebsd | 2017-09-29 | 9.3 HIGH | N/A |
| sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library. | |||||
| CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2017-09-29 | 5.0 MEDIUM | N/A |
| CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | |||||
| CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | |||||
| CVE-2008-6294 | 1 Accscripts | 1 Acc Statistics | 2017-09-29 | 7.5 HIGH | N/A |
| admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | |||||