
1284 matches found

NVD
added 2009/08/21 2:30 p.m. | 21 views

CVE-2008-7026

Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2)...

CVSS 6.8 | AI score 7.7 | EPSS 0.04701
Exploits: 0 | References: 6

NVD
added 2009/08/21 2:30 p.m. | 12 views

CVE-2008-7021

Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory...

CVSS 6 | AI score 7.3 | EPSS 0.02735
Exploits: 0 | References: 4

NVD
added 2009/08/19 10:30 a.m. | 13 views

CVE-2008-7010

Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php...

CVSS 10 | AI score 6.8 | EPSS 0.03698
Exploits: 0 | References: 4

NVD
added 2009/08/19 10:30 a.m. | 16 views

CVE-2008-7008

HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db...

CVSS 5 | AI score 6.9 | EPSS 0.02824
Exploits: 1 | References: 5

Cvelist
added 2009/08/19 10:0 a.m. | 21 views

CVE-2008-7010

Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php...

AI score 6.8 | EPSS 0.03698
Exploits: 0 | References: 4

Prion
added 2009/08/19 5:24 a.m. | 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp...

CVSS 6.8 | AI score 8.2 | EPSS 0.04295
Exploits: 0 | References: 6 | Affected Software: 1

Prion
added 2009/08/18 9:0 p.m. | 20 views

Design/Logic Flaw

Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7)...

CVSS 6.4 | AI score 6.7 | EPSS 0.02276
Exploits: 1 | References: 5 | Affected Software: 1

Debian CVE
added 2009/08/18 8:41 p.m. | 34 views

CVE-2009-2854

Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7)...

CVSS 6.4 | AI score 6.6 | EPSS 0.02276
Exploits: 1

Cvelist
added 2009/08/18 10:0 a.m. | 23 views

CVE-2008-6978

Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp...

AI score 7.7 | EPSS 0.04295
Exploits: 0 | References: 6

Patchstack
added 2009/08/18 12:0 a.m. | 26 views

WordPress <= 2.8.2 - Multiple Vulnerabilities #1

Because of these vulnerabilities, the attackers can make unauthorized edits or additions via a direct request to edit-category-form.php, edit-pages.php, edit-comments.php, edit-link-category-form.php, or edit.php. Solution Update WordPress...

CVSS 6.4 | AI score 5 | EPSS 0.02276
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2009/08/13 4:30 p.m. | 15 views

Authentication flaw

AJ Square AJ Auction OOPD, Pro Platinum Skin 1, Pro Platinum Skin 2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) feesetting.php, (5)...

CVSS 7.5 | AI score 7.5 | EPSS 0.02575
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2009/08/13 4:30 p.m. | 13 views

Authentication flaw

AJ Square AJ Auction Pro Platinum Skin 1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php...

CVSS 7.5 | AI score 7.4 | EPSS 0.02501
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2009/08/13 4:30 p.m. | 18 views

CVE-2008-6963

admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request...

CVSS 7.5 | AI score 7.1 | EPSS 0.02451
Exploits: 1 | References: 4

Prion
added 2009/08/12 10:30 a.m. | 13 views

Improper access control

TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db...

CVSS 7.5 | AI score 6.7 | EPSS 0.02844
Exploits: 1 | References: 6

Prion
added 2009/08/12 10:30 a.m. | 11 views

Unrestricted file upload

Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in carsimages/...

CVSS 6.5 | AI score 7.8 | EPSS 0.03954
Exploits: 0 | References: 5

Prion
added 2009/08/12 10:30 a.m. | 9 views

Unrestricted file upload

Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System aka Real Estate Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in...

CVSS 6.5 | AI score 7.8 | EPSS 0.03949
Exploits: 0 | References: 5

Prion
added 2009/08/12 10:30 a.m. | 9 views

Unrestricted file upload

Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject acti...

CVSS 6.5 | AI score 7.9 | EPSS 0.07874
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2009/08/12 10:30 a.m. | 12 views

Unrestricted file upload

Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/...

CVSS 6.5 | AI score 7.8 | EPSS 0.03949
Exploits: 0 | References: 5

Prion
added 2009/08/12 10:30 a.m. | 14 views

Improper access control

mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini...

CVSS 7.5 | AI score 6.8 | EPSS 0.06359
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2009/08/12 10:30 a.m. | 17 views

CVE-2008-6944

Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in carsimages/...

CVSS 6.5 | AI score 7.3 | EPSS 0.03954
Exploits: 0 | References: 5