Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6052 1 Preprojects 1 Pre E-learning Portal 2026-04-23 N/A
PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2008-6053 1 Preprojects 1 Pre Resume Submitter 2026-04-23 N/A
PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2008-6054 1 Preprojects.com 1 Pre Courier And Cargo Business 2026-04-23 N/A
PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2008-6055 1 Preprojects 1 Pre Classified Listings 2026-04-23 N/A
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2008-6057 1 Liberum 1 Liberum Help Desk 2026-04-23 N/A
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2008-6059 1 Webkit 1 Webkit 2026-04-23 N/A
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
CVE-2008-6065 1 Oracle 1 Database Server 2026-04-23 N/A
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.
CVE-2008-6098 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
CVE-2008-6109 1 Shelter Manager 1 Animal Shelter Manager 2026-04-23 N/A
Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens, related to the "double click selector bug"; or modifying a (2) animal, (3) owner, (4) lost/found, (5) diary note, (6) owner donation, or (7) waiting list record, related to "change permissions" and the "new UI."
CVE-2008-6125 2 Debian, Moodle 2 Debian Linux, Moodle 2026-04-23 N/A
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2008-6136 1 Drupal 1 Everyblog 2026-04-23 N/A
Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors.
CVE-2008-6137 1 Drupal 2 Drupal, Everyblog 2026-04-23 N/A
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors.
CVE-2008-6147 1 Aspapp 1 Forumapp 2026-04-23 N/A
ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.
CVE-2008-6160 1 Drupal 1 Semantically Interconnected Online Communities 2026-04-23 N/A
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors.
CVE-2008-6199 1 2532gigs 1 2532gigs 2026-04-23 N/A
2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control.
CVE-2008-6799 1 Tufat 1 Flashchat 2026-04-23 N/A
connection.php in FlashChat 5.0.8 allows remote attackers to bypass the role filter mechanism and gain administrative privileges by setting the s parameter to "7."
CVE-2008-6844 1 Ez 1 Ez Publish 2026-04-23 N/A
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
CVE-2008-6869 1 Oramon 1 Oramon 2026-04-23 N/A
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
CVE-2008-6870 1 Merlix 1 Educate Server 2026-04-23 N/A
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
CVE-2008-6871 1 Merlix 1 Educate Server 2026-04-23 N/A
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.