Search
Total
4224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0108 | 1 Phpauctions | 1 Phpauctions | 2017-09-29 | 7.5 HIGH | N/A |
| PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | |||||
| CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2017-09-29 | 5.0 MEDIUM | N/A |
| ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | |||||
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2017-09-29 | 5.0 MEDIUM | N/A |
| PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | |||||
| CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2017-09-29 | 7.5 HIGH | N/A |
| index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | |||||
| CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | |||||
| CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2017-09-29 | 5.0 MEDIUM | N/A |
| Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | |||||
| CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | |||||
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2017-09-29 | 5.0 MEDIUM | N/A |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5931 | 1 The Net Guys | 1 Aspired2blog | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5929 | 1 Vpasp | 1 Vp-asp Shopping Cart | 2017-09-29 | 5.0 MEDIUM | N/A |
| VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2017-09-29 | 5.0 MEDIUM | N/A |
| TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5885 | 1 Thenetguys | 1 Aspired2quote | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5873 | 1 Yerba | 1 Yerba | 2017-09-29 | 7.5 HIGH | N/A |
| Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username. | |||||
| CVE-2008-5855 | 1 Myphpscripts | 1 Login Session | 2017-09-29 | 5.0 MEDIUM | N/A |
| myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt. | |||||
| CVE-2008-5852 | 1 Emefa | 1 Emefa Guestbook | 2017-09-29 | 5.0 MEDIUM | N/A |
| Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for guestbook.mdb. | |||||
| CVE-2008-5840 | 1 Phpicalendar | 2 Phpicalendar, Phpicalendar2.0 | 2017-09-29 | 7.5 HIGH | N/A |
| PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. | |||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2017-09-29 | 7.5 HIGH | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2017-09-29 | 5.0 MEDIUM | N/A |
| Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | |||||
| CVE-2008-5773 | 1 Nukedit | 1 Nukedit | 2017-09-29 | 5.0 MEDIUM | N/A |
| Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | |||||
| CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 5.0 MEDIUM | N/A |
| WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | |||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5725 | 1 Entechtaiwan | 1 Powerstrip | 2017-09-29 | 7.2 HIGH | N/A |
| The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. | |||||
| CVE-2008-5762 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 5.0 MEDIUM | N/A |
| Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | |||||
| CVE-2008-5608 | 1 Aspapps | 1 Asp Autodealer | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | |||||
| CVE-2008-5606 | 1 Gazatem Technologies | 1 Qmail Mailing List Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | |||||
| CVE-2008-5603 | 1 Aspapps | 1 Aspticker | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | |||||
| CVE-2008-5602 | 1 Natterchat | 1 Natterchat | 2017-09-29 | 5.0 MEDIUM | N/A |
| Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. | |||||
| CVE-2008-5601 | 1 Robs-projects | 1 Asp User Engine | 2017-09-29 | 5.0 MEDIUM | N/A |
| User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | |||||
| CVE-2008-5600 | 1 Merlix | 1 Teamworx Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | |||||
| CVE-2008-5597 | 1 Cold Bbs | 1 Cold Bbs | 2017-09-29 | 5.0 MEDIUM | N/A |
| Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | |||||
| CVE-2008-5596 | 1 Dotnetindex | 1 Ikon Admanager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | |||||
| CVE-2008-5592 | 1 Iwrite | 1 Nightfall Personal Diary | 2017-09-29 | 5.0 MEDIUM | N/A |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. | |||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2017-09-29 | 5.0 MEDIUM | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | |||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2017-09-29 | 5.0 MEDIUM | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | |||||
| CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2017-09-29 | 7.5 HIGH | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | |||||
| CVE-2008-5384 | 1 Ibm | 1 Aix | 2017-09-29 | 6.9 MEDIUM | N/A |
| crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | |||||
| CVE-2008-5347 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | |||||
| CVE-2008-5340 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | |||||
| CVE-2008-5308 | 1 Lovecms | 2 Lovecms, The Simple Forum | 2017-09-29 | 7.5 HIGH | N/A |
| The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php. | |||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2017-09-29 | 5.0 MEDIUM | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | |||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
| CVE-2008-5127 | 1 Ocean12 Technologies | 1 Contact Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb. | |||||
| CVE-2008-5121 | 4 Bluecoat, Cisco, Citrix and 1 more | 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more | 2017-09-29 | 7.2 HIGH | N/A |
| dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | |||||