PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained...
upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. Date published : 2008-06-26 https://www.exploit-db.com/exploits/5895...
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. Date published : 2008-06-26 https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the...
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu. Date published : 2008-06-26 http://www.securityfocus.com/bid/29884 http://www.securityfocus.com/archive/1/493568/100/0/threaded
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in...
PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. Date published : 2008-06-26...
Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter. Date published : 2008-06-26 http://www.securityfocus.com/bid/29934 http://www.securityfocus.com/bid/30705
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter. Date published : 2008-06-26 http://www.securityfocus.com/bid/29930 https://www.exploit-db.com/exploits/5932
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050. Date published : 2008-06-26 http://www.securityfocus.com/bid/29931...
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. Date published : 2008-06-26...
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. Date published : 2008-06-26 http://www.securityfocus.com/bid/29875 https://www.exploit-db.com/exploits/5895
Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance...
Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php. Date published : 2008-06-26...