1284 matches found
CVE-2008-6943
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/...
CVE-2008-6948
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject acti...
CVE-2008-6942
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System aka Real Estate Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in...
CVE-2008-6929
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/carsimages/...
CVE-2008-6932
Unrestricted file upload vulnerability in submitfile.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/...
CVE-2008-6930
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/reimages/...
CVE-2008-6931
Unrestricted file upload vulnerability in PHPStore Job Search aka PHPCareers allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseekerprofileimages...
Unrestricted file upload
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/...
Authentication flaw
Zeeways SHAADICLONE 2.0 allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin/home.php...
Unrestricted file upload
Unrestricted file upload vulnerability in viewprofile.php in Zeeways ZEEPROPERTY 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile modification, then accessing a related file via a direct request to the file in...
CVE-2008-6913
Unrestricted file upload vulnerability in editresumenext.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos...
Unrestricted file upload
Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/...
CVE-2008-6902
Unrestricted file upload vulnerability in uploadflyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/...
CVE-2009-2648
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function...
Improper access control
R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb...
Improper access control
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb...
CVE-2008-6872
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb...