Lucene search
K
PreprojectsPre Classified Listings

4 matches found

CVE
CVE
added 2009/02/20 11:0 p.m.47 views

CVE-2008-6231

CVE-2008-6231 describes a cookie-based authentication bypass in a PHP application, where remote attackers can gain administrative access by setting the cookies adminname and adminid to "admin". The available documents explicitly state the vulnerability is an authentication flaw allowing privilege...

7.5CVSS7.5AI score0.02907EPSS
CVE
CVE
added 2009/08/03 2:0 p.m.45 views

CVE-2008-6888

CVE-2008-6888 is a cross-site scripting (XSS) vulnerability in signup.asp of Pre Classified Listings 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via the address parameter. The NVD entry lists a CVSSv2 base score of 4.3 (Medium) with a network attack vector, no co...

4.3CVSS5.9AI score0.01475EPSS
CVE
CVE
added 2009/08/03 2:0 p.m.41 views

CVE-2008-6887

CVE-2008-6887: A SQL injection vulnerability affects the application Pre Classified Listings 1.0, specifically the detailad.asp component via the siteid parameter. Root cause is an unsafely constructed database query allowing arbitrary SQL commands. Impact is described as partial confidentiality,...

7.5CVSS8.7AI score0.00987EPSS
CVE
CVE
added 2009/02/04 3:10 p.m.39 views

CVE-2008-6055

The vulnerability CVE-2008-6055 affects PreProjects Pre Classified Listings, where the file pclasp.mdb is stored under the web root with insufficient access control. This allows remote attackers to obtain passwords via a direct request. The core issue is inadequate access restrictions on a databa...

5CVSS6.8AI score0.01147EPSS