
1596 matches found

NVD
added 2006/10/23 5:7 p.m., 11 views

CVE-2006-5451

Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent...

CVSS 2.6, AI score 5.6, EPSS 0.01682
Exploits: 1, References: 12

CVE
added 2006/10/23 5:0 p.m., 50 views

CVE-2006-5451

CVE-2006-5451 describes multiple XSS flaws in TorrentFlux 2.1. The vulnerabilities allow remote attackers to inject arbitrary script/HTML via: (1) admin.php parameters (action, file, users array) when viewing the Activity Log, and (2) startpop.php torrent parameter used by displayName. The vector...

CVSS 2.6, AI score 5.6, EPSS 0.01682
Exploits: 1, References: 12, Affected Software: 1

exploitpack
added 2006/10/17 12:0 a.m., 17 views

Easynews 4.4.1 - admin.php Authentication Bypass

Easynews 4.4.1 - admin.php Authentication Bypass. Easynews. Details: Easynews doesn't properly check to...

AI score 0.4
Exploits: 0

0day.today
added 2006/10/17 12:0 a.m., 418 views

Easynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability

Exploit for unknown platform in category web applications. Easynews <= 4.4.1 admin.php Authentication Bypass Vulnerability...

AI score 7.1
Exploits: 0

seebug.org
added 2006/10/17 12:0 a.m., 29 views

Easynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability

No description provided by source. Easynews <= 4.4.1 admin.php Authentication Bypass Vulnerability. Affected...

AI score 7.1
Exploits: 0

0day.today
added 2006/10/13 12:0 a.m., 23 views

YaBBSM 3.0.0 (Offline.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications. YaBBSM 3.0.0 Offline.php Remote File Include Vulnerability. DESCRIPTION: Remote file include vuln found by sZ oct 09,...

AI score 7.1
Exploits: 0

NVD
added 2006/10/10 9:7 p.m., 12 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable...

CVSS 6.8, AI score 5.7, EPSS 0.02484
Exploits: 1, References: 7

UbuntuCve
added 2006/10/10 9:7 p.m., 20 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable...

CVSS 6.8, AI score 6.1, EPSS 0.02484
Exploits: 1, References: 1

Cvelist
added 2006/10/10 9:0 p.m., 16 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable...

AI score 5.6, EPSS 0.02484
Exploits: 1, References: 7

CVE
added 2006/10/10 9:0 p.m., 46 views

CVE-2006-5227

CVE-2006-5227 describes a cross-site scripting (XSS) vulnerability in TorrentFlux 2.1, specifically in admin.php, where an attacker can inject arbitrary script or HTML via the $user_agent value (likely from the User-Agent header) and possibly the $ip_resolved variable. The connected sources reaff...

CVSS 6.8, AI score 5.7, EPSS 0.02484
Exploits: 1, References: 7, Affected Software: 1

NVD
added 2006/09/23 10:7 a.m., 10 views

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

CVSS 7.5, AI score 8.3, EPSS 0.0103
Exploits: 1, References: 5

Cvelist
added 2006/09/23 10:0 a.m., 14 views

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

AI score 8.3, EPSS 0.0103
Exploits: 1, References: 5

CVE
added 2006/09/23 10:0 a.m., 46 views

CVE-2006-4957

CVE-2006-4957 corresponds to a SQL injection in MyReview 1.9.4. The GetMember function in functions.php fails to sanitize the email parameter used by Admin.php, enabling remote attackers to execute arbitrary SQL. Exploitation details are supported by multiple sources (NVD/Nessus references). The ...

CVSS 7.5, AI score 8.4, EPSS 0.0103
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2006/09/15 10:7 p.m., 12 views

CVE-2006-4827

Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php...

CVSS 5.1, AI score 7.7, EPSS 0.04026
Exploits: 1, References: 5

NVD
added 2006/09/14 9:7 p.m., 10 views

CVE-2006-4794

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...

CVSS 4.3, AI score 5.6, EPSS 0.011
Exploits: 1, References: 11

NVD
added 2006/08/24 1:4 a.m., 13 views

CVE-2006-4328

SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...

CVSS 5.1, AI score 8.3, EPSS 0.00963
Exploits: 2, References: 6

CVE
added 2006/08/24 1:0 a.m., 39 views

CVE-2006-4328

CloudNine Interactive Links Manager 2006-06-12 is affected by an SQL injection in admin.php via the nick parameter when magic_quotes_gpc is off. The vulnerability allows remote attackers to execute arbitrary SQL commands, as documented in multiple sources (eVuln/SECURITYVULNS entries). The issue ...

CVSS 5.1, AI score 8.3, EPSS 0.00963
Exploits: 2, References: 6, Affected Software: 1

Cvelist
added 2006/08/24 1:0 a.m., 15 views

CVE-2006-4328

SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...

AI score 8.3, EPSS 0.00963
Exploits: 2, References: 6

securityvulns
added 2006/08/09 12:0 a.m., 29 views

[Full-disclosure] SmartSiteCMS v1.0 authentication bypass

SmartSiteCMS v1.0 authentication bypass. STATUS: I contacted the vendor more than 2 months ago and still no response. TECHNICAL INFO: One of the worst cms I've ever seen regarding security, no input sanitation at all. Bypassing...

AI score 0.8
Exploits: 0

NVD
added 2006/08/01 10:4 p.m., 6 views

CVE-2006-3963

Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) sitename parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php...

CVSS 7.5, AI score 8.6, EPSS 0.0036
Exploits: 1, References: 2