Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-12 | CVE-2008-6940 | Permissions, Privileges, and Access Controls vulnerability in Turnkeyforms web Hosting Directory. TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db. | 7.5 |
2009-08-12 | CVE-2008-6939 | Improper Authentication vulnerability in Turnkeyforms web Hosting Directory. TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username. | 7.5 |
2009-08-11 | CVE-2008-6938 | Improper Input Validation vulnerability in Holger Zimmermann Pi3Web. Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | 4.3 |
2009-08-11 | CVE-2008-6937 | Code Injection vulnerability in Jabber Exodus 0.10. Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. | 10.0 |
2009-08-11 | CVE-2008-6936 | Code Injection vulnerability in Jabber Exodus 0.10. Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935. | 9.3 |
2009-08-11 | CVE-2008-6935 | Code Injection vulnerability in JOE Fuhrman Exodus 0.10. Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI. | 10.0 |
2009-08-11 | CVE-2008-6934 | Code Injection vulnerability in Sansuart Free Simple Guestbook PHP Script. Static code injection vulnerability in Sanus\|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. | 7.5 |
2009-08-11 | CVE-2008-6933 | Path Traversal vulnerability in Minigal B13. Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. | 5.0 |
2009-08-11 | CVE-2008-6932 | Permissions, Privileges, and Access Controls vulnerability in Alstrasoft Sendit. Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | 7.5 |
2009-08-11 | CVE-2008-6931 | Permissions, Privileges, and Access Controls vulnerability in PHPstore PHPcareers. Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images. | 6.5 |