CVE-2008-3925

Cross-site request forgery CSRF vulnerability in admin.php in Content Management Made Easy CMME 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...

CVE-2008-3925

CSRF in Content Management Made Easy (CMME) 1.12 affects admin.php, enabling a remote attacker to trigger logout of an administrative user via a logout action. The connected CVE/DOCs confirm the vulnerability and affected component but do not provide a patch version or mitigation steps within the...

CMME 1.12 - Local File Inclusion Cross-Site Scripting Cross-Site Request ForgeryDownload BackupMake Directory

CMME 1.12 - Local File Inclusion Cross-Site Scripting Cross-Site Request ForgeryDownload BackupMake Directory + CMME 1.12 LFI/XSS/CSRF/Download Backup/MkDir Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz :...

Banner Management Script (tr.php id) Remote SQL Injection Vulnerability

No description provided by source. || | | Banner Management Script tr.php id Remote SQL Injection Vulnerability | | |---------------------S.W.A.T.----------------------| | | Author: S.W.A.T. | | Home : www.svvat.ir | | email: svvateamatYahooDoTcom | | | | | | | script :...

Phpcms 2 0 0 7 remote file inclusion vulnerability-vulnerability warning-the black bar safety net

PS:@extract function. Phpcms 2 0 0 7 remote file include vulnerability Flyh4t w. s. t www.wolvez.org The cms is the core configuration file/include/common. inc. php has a defect -------------------------------------------- //2 3 row start @extract$POST, EXTROVERWRITE; @extract$GET, EXTROVERWRITE;...

CVE-2008-3453

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."...

CVE-2008-3453

ImpressCMS 1.0 is listed with CVE-2008-3453 for multiple vulnerabilities affecting modules/admin.php and a few files. The connected records state unknown impact and attack vectors, with a high risk score (CVSS v2: AV:N/AC:L/Au:N/C:C/I:C/A:C, base score 10.0). No concrete root cause, affected vers...

CVE-2008-3453

Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."...

JnSHosts PHP Hosting Directory 'admin.php'远程文件包含漏洞

BUGTRAQ ID: 30428 CNCAN ID：CNCAN-2008073110 JnSHosts PHP Hosting Directory是一款基于PHP的论坛程序。 JnSHosts PHP Hosting Directory不正确过滤用户提交的参数，远程攻击者可以利用漏洞以WEB进程权限执行任意PHP代码。 问题是'admin.php'脚本不正确过滤用户提交的WEB参数，指定远程服务器上的任意文件作为包含对象，可导致以WEB进程权限执行任意PHP代码。 JnSHosts PHP Hosting Directory 2.0 目前没有解决方案提供：...

PHP Hosting Directory 2.0 (admin.php rd) RFI Vulnerability

No description provided by source. Name Of Script : PHP Hosting Directory 2.0 Download From : http://jnshosts.com/download/phphostdirectory.zip Found By : RoMaNcYxHaCkEr My Homepage : WwW.4RxH.CoM My Group : RoMaNTiC-TeaM Type Of Exploit : RFI P.O.C. :...

PHP Hosting Directory 2.0 (admin.php rd) RFI Vulnerability

Exploit for unknown platform in category web applications ========================================================== PHP Hosting Directory 2.0 admin.php rd RFI Vulnerability ========================================================== Name Of Script : PHP Hosting Directory 2.0 Download From :...

Phpcms 2007 common.inc.php远程文件包含漏洞

该cms的核心配置文件/include/common.inc.php有缺陷 -------------------------------------------- //23行开始 @extract$POST, EXTROVERWRITE; @extract$GET, EXTROVERWRITE; unset$POST, $GET; ------------------------------------------------ 这里extract函数会导致变量覆盖，可能引发一系列的问题...

CVE-2008-3080

Cross-site request forgery CSRF vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899...

CVE-2008-3080

MyBloggie 2.1.6 (myWebland) is affected by two related issues. First, CVE-2008-3080 describes a CSRF vulnerability in admin.php that allows remote attackers to perform edit actions as administrators; this may enable combined or chained actions. Second, CVE-2007-1899 (and related records) document...

CVE-2007-1899

Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via 1 the userid parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via 2 the postid parameter in ...

LokiCMS admin.php文件绕过安全限制漏洞

BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误，如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话，则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段： admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...

CVE-2008-2353

Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the show parameter...

Directory traversal

Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the show parameter...

CVE-2008-2353

Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the show parameter...

GNU/Gallery <= 1.1.1.0 (admin.php) Local File Inclusion Vulnerability

No description provided by source. --==+================================================================================+==-- --==+ GNU/Gallery = 1.1.1.0 admin.php Local File Inclusion Vulnerability +==-- --==+================================================================================+==--...