1284 matches found
CVE-2008-7180
delquery1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable...
CVE-2009-3068
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the...
Information disclosure
Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conffw.php, (2) class.module/class.eventmanager.php, (3) lib/lib.domxml5.php, or (4) menu/menuover.php in doceboCore/; or (5) class/class.confcms.php, (6) lib/lib.compose.php, (7)...
Unrestricted file upload
Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/...
Improper access control
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...
CVE-2008-7115
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) systemall.exe, or (3) restore.exe in cgi-bin/. NOTE: the setupdns.exe...
OpenForum 'profile.php' Authentication Bypass Vulnerability
This host is installed with OpenForum and is prone to an authentication bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodopenforumauthbypassvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenForum 'profile.php' Authentication Bypass Vulnerability Authors: Nikita MR Copyright: Copyright c 20...
Unrestricted file upload
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE:...
Server-side request forgery (SSRF)
CuteFlow 2.10.3 and 2.11.0c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request...
CVE-2009-2960
CuteFlow 2.10.3 and 2.11.0c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request...
Improper access control
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb...
Improper access control
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat...
Improper access control
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql...
Authentication flaw
AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php...
Authentication flaw
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp...
Authentication flaw
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php,...
Unrestricted file upload
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in reimages/...
CVE-2008-7047
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp...
CVE-2008-7052
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in reimages/...
CVE-2008-7029
Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/...