Lucene search

1596 matches found

Cvelist
added 2007/04/12 7:0 p.m., 26 views

CVE-2007-2008

Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...

7.1 AI score, 0.06244 EPSS
Exploits 0, References 3
CVE
added 2007/04/12 7:0 p.m., 46 views

CVE-2007-2008

CVE-2007-2008 is a directory traversal vulnerability in pL-PHP beta 0.9 (admin.php) allowing remote attackers to include and execute arbitrary local files via a .. in the lang parameter. The NVD entry confirms the vulnerability and impact (partial confidentiality, integrity, and availability affe...

7.5 CVSS, 7.1 AI score, 0.06244 EPSS
Exploits 0, References 3, Affected Software 1
Packet Storm
added 2007/04/02 12:0 a.m., 25 views

slaed-rfi.txt

By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...

7.4 AI score
Exploits 0
securityvulns
added 2007/04/01 12:0 a.m., 107 views

Remote File Include In SLAED_CMS_2

By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...

0.3 AI score
Exploits 0
Cvelist
added 2007/03/20 10:0 p.m., 19 views

CVE-2006-7173

Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted optionnewreportwday parameter in a preferenze action, which can be later accessed via option/php-stats-options.php...

7.7 AI score, 0.08304 EPSS
Exploits 0, References 3
securityvulns
added 2007/03/09 12:0 a.m., 37539 views

Lazarus Guestbook (admin.php) Remote File Include Exploit

Lazarus Guestbook admin.php Remote File Include Exploit D.Script: http://www.carbonize.co.uk Dork: "Powered by Lazarus Guestbook from carbonize.co.uk" Discovered by Crackman Homepage: http://www.b0rizq.biz Greetz To :B0rizq & redcasper & Draknaz kaiba & brokenproxy and all friend Exploit:...

0.6 AI score
Exploits 0
CVE
added 2007/03/03 9:0 p.m., 45 views

CVE-2006-7101

The CVE-2006-7101 entry concerns PHPWind versions 5.0.1 and earlier where the admin.php component is vulnerable to SQL injection via the AdminUser cookie. The root cause is improper handling of the cookie leading to arbitrary SQL execution by remote attackers, with a high impact (base score 7.5)....

7.5 CVSS, 8.8 AI score, 0.01062 EPSS
Exploits 1, References 4, Affected Software 1
CVE
added 2007/02/27 6:0 p.m., 39 views

CVE-2006-7074

CVE-2006-7074 affects SmartSiteCMS 1.0. The vulnerability is in admin.php, allowing remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. The connected documents confirm the flaw but do not provide exploitation steps, a broader impact beyond a...

7.5 CVSS, 7.5 AI score, 0.00475 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2007/02/15 2:0 a.m., 15 views

CVE-2006-7014

admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request...

6.9 AI score, 0.01775 EPSS
Exploits 1, References 6
CVE
added 2007/02/15 2:0 a.m., 37 views

CVE-2006-7014

CVE-2006-7014 affects BloggIT 1.01 and earlier. The issue is that admin.php does not properly establish a user session, enabling remote attackers to gain privileges via a direct request. The available connected documents confirm the affected software and the root cause (improper session establish...

7.5 CVSS, 6.9 AI score, 0.01775 EPSS
Exploits 1, References 6, Affected Software 1
NVD
added 2007/02/08 12:28 a.m., 11 views

CVE-2007-0835

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE:...

6.5 CVSS, 7.1 AI score, 0.00778 EPSS
Exploits 0, References 4
Cvelist
added 2007/02/08 12:0 a.m., 16 views

CVE-2007-0835

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE:...

7.1 AI score, 0.00778 EPSS
Exploits 0, References 4
NVD
added 2007/01/30 5:28 p.m., 13 views

CVE-2007-0567

Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter...

6.8 CVSS, 5.8 AI score, 0.02168 EPSS
Exploits 1, References 4
Prion
added 2007/01/30 5:28 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter...

6.8 CVSS, 6.2 AI score, 0.02168 EPSS
Exploits 1, References 4, Affected Software 1
CVE
added 2007/01/30 5:0 p.m., 39 views

CVE-2007-0567

The CVE-2007-0567 issue is an XSS vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5, exploitable via the _p parameter in admin.php. The root cause is unsanitized input leading to injection of arbitrary script/HTML. CVSS v2 base score is 6.8 (MEDIUM) with partial impacts on confi...

6.8 CVSS, 5.8 AI score, 0.02168 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2007/01/30 5:0 p.m., 17 views

CVE-2007-0567

Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter...

5.8 AI score, 0.02168 EPSS
Exploits 1, References 4
NVD
added 2007/01/12 5:4 a.m., 14 views

CVE-2007-0192

Cross-site request forgery (CSRF) vulnerability in the savemain operation in the adperms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...

7.5 CVSS, 6.9 AI score, 0.00717 EPSS
Exploits 0, References 3
Prion
added 2007/01/12 5:4 a.m., 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the savemain operation in the adperms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...

7.5 CVSS, 7.4 AI score, 0.00717 EPSS
Exploits 0, References 3
Prion
added 2007/01/12 5:4 a.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contentsnew operation in the adcontents section...

6.8 CVSS, 6.1 AI score, 0.01009 EPSS
Exploits 0, References 4
NVD
added 2007/01/11 11:28 p.m., 8 views

CVE-2006-6920

Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php...

6.8 CVSS, 5.8 AI score, 0.01631 EPSS
Exploits 0, References 7