Export limit exceeded: 342293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6966 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | N/A |
| AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php. | ||||
| CVE-2008-6963 | 1 Turnkeyforms | 1 Text Link Sales | 2025-04-09 | N/A |
| admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request. | ||||
| CVE-2008-6960 | 1 X10media | 1 X10 Automatic Mp3 Script | 2025-04-09 | N/A |
| download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php. | ||||
| CVE-2008-6957 | 1 Discuz | 1 Discuz\! | 2025-04-09 | N/A |
| member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | ||||
| CVE-2008-6954 | 1 Michael Dehaan | 1 Cobbler | 2025-04-09 | N/A |
| The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules. | ||||
| CVE-2008-6940 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | N/A |
| TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | ||||
| CVE-2008-6932 | 1 Alstrasoft | 1 Sendit | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | ||||
| CVE-2008-6931 | 1 Phpstore | 1 Phpcareers | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | ||||
| CVE-2008-6930 | 1 Phpstore | 1 Real Estate | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/. | ||||
| CVE-2008-6929 | 1 Phpstore | 1 Auto Classifieds | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/. | ||||
| CVE-2008-6928 | 1 Phpstore | 1 Complete Classifieds | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/. | ||||
| CVE-2008-6921 | 1 W2b | 1 Phpadboard | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/. | ||||
| CVE-2008-6918 | 1 Theportal2.pl | 1 Theportal2 | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/. | ||||
| CVE-2008-6914 | 1 Zeeways | 1 Zeeproperty | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in companylogo/. | ||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2025-04-09 | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | ||||
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2025-04-09 | N/A |
| evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | ||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2025-04-09 | N/A |
| The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | ||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2025-04-09 | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | ||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2025-04-09 | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | ||||
| CVE-2008-6302 | 1 Turnkeyforms | 1 Local Classifieds | 2025-04-09 | N/A |
| TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site_Admin/admin.php. | ||||