X10media Mp3 Search Engine < 1.6.2 - Admin Access
THUNDER. Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability. Author: THUNDER. File: admin/admin.php. Vulnerable code: /* User not an administrator, redirect to main page automatically. */ if(!$session->isAdmin()) header("Location: ../main.php"); else /* Administrator is viewing page, so displ...
CVE-2008-6714
CVE-2008-6714 affects xeCMS 1.0.0 RC2 and earlier. The admin.php module allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie, effectively elevating access without valid credentials. Root cause: authentication bypass via manipulated cooki...
CVE-2008-6639
CVE-2008-6639 affects AjaXplorer 2.3.3 and 2.3.4. A CSRF flaw in admin.php allows remote attackers to hijack administrator sessions and issue password-change requests via the update_user_pwd action. The description does not provide exploit details or verification steps, and there is no remediatio...
CVE-2008-6585
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...
CVE-2008-6585
CVE-2008-6585 concerns a Cross-site request forgery (CSRF) vulnerability in TorrentFlux 2.3, specifically in html/admin.php, that allows remote attackers to hijack administrator authentication to add new accounts via the addUser action. The affected component is the web administration interface’s...
CVE-2008-6406
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2008-6406
CVE-2008-6406 is an XSS vulnerability reported in DataLife Engine (DLE) 7.2, located in admin.php and exploitable via the query string. The affected component is the admin interface; the underlying issue is improper handling of user-supplied input in the query parameters, allowing an attacker to ...
Design/Logic Flaw
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php...
CVE-2009-0807
CVE-2009-0807 affects zFeeder 1.6. The vulnerability is an admin authentication bypass allowing remote attackers to gain administrative access by accessing the admin.php page directly. Connected Nessus data notes the default installation of zFeeder uses empty values for the admin username and pas...
CVE-2008-6360
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the ranktitle parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6302
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to SiteAdmin/admin.php...
Directory traversal
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter...
SQL injection
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2009-0722
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter...
CVE-2008-6264
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2008-6264
CVE-2008-6264: Affected product is E-topbiz Slide Popups 1.0; vulnerability in the admin.php script (password parameter) enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Root cause appears to be insufficient input validation/sanitization in the affected code pa...
zFeeder 1.6 (admin.php) No Authentication Vulnerability
No description provided by source. Remote bypass admin panel. Script: zfeeder 1.6. Download...
zFeeder 1.6 - admin.php Admin Bypass
zFeeder 1.6 - admin.php Admin Bypass. Remote bypass admin panel. Script: zfeeder 1.6. Download...
zFeeder 1.6 - 'admin.php' Admin Bypass
Remote bypass admin panel. Script: zfeeder 1.6. Download...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...