AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php. Date published : 2008-05-20 http://www.securityfocus.com/bid/29267 https://www.exploit-db.com/exploits/5645
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters. Date published : 2008-05-20 http://www.securityfocus.com/bid/29279 http://www.kb.cert.org/vuls/id/406937
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. Date published : 2008-05-19 http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/...
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." Date published : 2008-05-19 http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/ https://exchange.xforce.ibmcloud.com/vulnerabilities/42449
Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-05-19 http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/ https://exchange.xforce.ibmcloud.com/vulnerabilities/42448
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. Date published : 2008-05-19 http://www.securityfocus.com/bid/29251 https://www.exploit-db.com/exploits/5624
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. Date published : 2008-05-19 http://www.securityfocus.com/bid/29251 https://www.exploit-db.com/exploits/5624
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. Date published : 2008-05-19 http://www.securityfocus.com/bid/29251 https://www.exploit-db.com/exploits/5624
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter...
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038,...
Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. Date published : 2008-05-19 http://www.securityfocus.com/bid/29226 https://www.exploit-db.com/exploits/5616
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b)...
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. Date published : 2008-05-19 http://www.securityfocus.com/bid/29249 https://www.exploit-db.com/exploits/5626
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained...