CVE-2009-1780

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified formadminuser and formadminpass parameters...

CVE-2009-1658

Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 user username and 2 password parameters. NOTE: some of these details are obtained from third party information...

Sql injection

Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 user username and 2 password parameters. NOTE: some of these details are obtained from third party information...

CVE-2009-1658

Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 user username and 2 password parameters. NOTE: some of these details are obtained from third party information...

CVE-2009-1658

CVE-2009-1658 corresponds to multiple SQL injection vulnerabilities in Realty Web-Base 1.0, specifically in the admin/admin.php module. The root cause, as described across the provided records, is improper handling of user input (parameters: username and password), enabling remote attackers to co...

Million Dollar Text Links 1.0 - Arbitrary Authentication Bypass

Million Dollar Text Links 1.0 - Arbitrary Authentication Bypass --------------------------------------------------------------- --------------------------------------------------------------- Million Dollar Text Links 1.0 Authenication Bypass...

Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS

The version of Atmail WebMail running on the remote host is vulnerable to multiple cross-site scripting issues. 'webadmin/admin.php' fails to sanitize input to the 'func' parameter, and to the 'type' parameter when 'func' is set to 'stats'. This is known to affect version 5.6.1 5.61 and may affec...

CVE-2009-1456

Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the module parameter...

Directory traversal

Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the module parameter...

Sql injection

SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user Username parameter...

CVE-2009-1404

CVE-2009-1404 affects PastelCMS 0.8.0 (admin.php). The vulnerability is a SQL injection in which, when magic_quotes_gpc is disabled, a remote attacker can cause arbitrary SQL commands via the user (Username) parameter. The description from NVD confirms the form of injection and affected component...

CVE-2009-1404

SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user Username parameter...

Malleo 1.2.3 Local File Inclusion

Salvatore "drosophila" Fresta + Application: Malleo + Version: 1.2.3 + Website: http://www.malleo-cms.com + Bugs: A Local File Inclusion + Exploitation: Remote + Date: 17 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...

Malleo 1.2.3 Local File Inclusion Vulnerability

Salvatore "drosophila" Fresta + Application: Malleo + Version: 1.2.3 + Website: http://www.malleo-cms.com + Bugs: A Local File Inclusion + Exploitation: Remote + Date: 17 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...

CVE-2008-6725

Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 index.php in a mythings page mythings.php and 2 the users page in admin.php...

Sql injection

Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 index.php in a mythings page mythings.php and 2 the users page in admin.php...

CVE-2008-6726

Multiple directory traversal vulnerabilities in CMScout 2.06, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the bit parameter to 1 admin.php and 2 index.php, different vectors than CVE-2008-3415...

eLitius 1.0 (manage-admin.php) Add Admin/Change Password Exploit

No description provided by source. title Powered by eLitius Version 1.0 Change Password /title form action="http://esyndicat.org/admin/manage-admin.php" method="post" name="adminForm" table class="admintable" tbodytr td table class="adminform" cellpadding="0" cellspacing="0" tbody tr th...

eLitius 1.0 - manage-admin.php Arbitrary Add AdminChange Password

eLitius 1.0 - manage-admin.php Arbitrary Add AdminChange Password Powered by eLitius Version 1.0 Change Password Change Password Of admin Username: Password: Email: Dork: Powered by eLitius Version 1.0 Greetz To: Dos-Dz TeaM Snakes TeaM His0k4 td style="font-weigh...

eLitius 1.0 - &#039;/manage-admin.php&#039; Arbitrary Add Admin/Change Password

Powered by eLitius Version 1.0 Change Password Change Password Of admin Username: Password: Email: Dork: Powered by eLitius Version 1.0 Greetz To: Dos-Dz TeaM Snakes TeaM His0k4 Cod3d B...