CVE-2008-6585
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...
CVE-2008-6585
CVE-2008-6585 concerns a Cross-site request forgery (CSRF) vulnerability in TorrentFlux 2.3, specifically in html/admin.php, that allows remote attackers to hijack administrator authentication to add new accounts via the addUser action. The affected component is the web administration interface’s...
CVE-2008-6406
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2008-6406
CVE-2008-6406 is an XSS vulnerability reported in DataLife Engine (DLE) 7.2, located in admin.php and exploitable via the query string. The affected component is the admin interface; the underlying issue is improper handling of user-supplied input in the query parameters, allowing an attacker to ...
Design/Logic Flaw
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php...
CVE-2009-0807
CVE-2009-0807 affects zFeeder 1.6. The vulnerability is an admin authentication bypass allowing remote attackers to gain administrative access by accessing the admin.php page directly. Connected Nessus data notes the default installation of zFeeder uses empty values for the admin username and pas...
CVE-2008-6360
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the ranktitle parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6302
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to SiteAdmin/admin.php...
Directory traversal
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter...
CVE-2009-0722
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter...
SQL injection
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2008-6264
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2008-6264
CVE-2008-6264: Affected product is E-topbiz Slide Popups 1.0; vulnerability in the admin.php script (password parameter) enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Root cause appears to be insufficient input validation/sanitization in the affected code pa...
zFeeder 1.6 - 'admin.php' Admin Bypass
remote bypass admin panel; script: zfeeder 1.6; download...
zFeeder 1.6 - admin.php Admin Bypass
zFeeder 1.6 - admin.php Admin Bypass. remote bypass admin panel; script: zfeeder 1.6; download...
zFeeder 1.6 (admin.php) No Authentication Vulnerability
No description provided by source. remote bypass admin panel; script: zfeeder 1.6; download...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this...
CVE-2008-6212
Php-Stats 0.1.9.1 is affected by a cross-site scripting (XSS) vulnerability in admin.php, exploitable via the sel_mese and sel_anno parameters in a systems action. The issue could allow a remote attacker to inject arbitrary web script or HTML when the affected page is loaded. No remediation detai...