4 matches found
CVE-2008-6231
CVE-2008-6231 describes a cookie-based authentication bypass in a PHP application, where remote attackers can gain administrative access by setting the cookies adminname and adminid to "admin". The available documents explicitly state the vulnerability is an authentication flaw allowing privilege...
CVE-2008-6888
CVE-2008-6888 is a cross-site scripting (XSS) vulnerability in signup.asp of Pre Classified Listings 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via the address parameter. The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with a network attack vector, no co...
CVE-2008-6887
CVE-2008-6887: A SQL injection vulnerability affects the application Pre Classified Listings 1.0, specifically the detailad.asp component via the siteid parameter. Root cause is an unsafely constructed database query allowing arbitrary SQL commands. Impact is described as partial confidentiality,...
CVE-2008-6055
The vulnerability CVE-2008-6055 affects PreProjects Pre Classified Listings, where the file pclasp.mdb is stored under the web root with insufficient access control. This allows remote attackers to obtain passwords via a direct request. The core issue is inadequate access restrictions on a databa...