1599 matches found
CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php...
CVE-2007-6414
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a...
CVE-2007-6414
The CVE-2007-6414 issue affects Adult Script (admin/administrator.php) versions 1.6 and earlier, where redirecting to the browser without an exit allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. The flaw can further be leveraged to execu...
Sql injection
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
CVE-2007-5453
CVE-2007-5453 concerns Php-Stats 0.1.9.2, which contains multiple eval-injection vulnerabilities. The issue allows remote authenticated administrators to execute arbitrary code by injecting PHP sequences into the php-stats-options record in the _options table, which is subsequently evaluated via ...
CVE-2007-5032
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters...
CVE-2007-5032
CVE-2007-5032 is a cross-site request forgery (CSRF) in admin.php of Francisco Burzi's PHP-Nuke. An attacker can add administrative accounts by sending a request that abuses AddAuthor with crafted add_name/add_radminsuper parameters. Documented impact includes partial confidentiality, integrity, ...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to (1) admin.php, (2) custompages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) myteam.php, (9) profile.php, (10)...
Code injection
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel...
Code injection
Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount,...
CVE-2007-4932
Shop-Script FREE 2.0 and earlier is affected by CVE-2007-4932: admin.php fails to exit after a redirect when administrative credentials are missing, allowing an unauthenticated remote attacker to access the admin panel. The NVD entry confirms the bypass/panel access impact, and Nessus notes a lik...
CVE-2007-4933
Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount,...
CVE-2007-4610
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php...
Sql injection
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie...
CVE-2007-4421
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie...
CVE-2007-4421
CVE-2007-4421 affects Olate Download (od) 3.4.1. The vulnerability is a SQL injection in Admin.php exploitable via an OD3_AutoLogin cookie, enabling remote attackers to execute arbitrary SQL commands. Root cause is the unsafely handled cookie value in the Admin.php flow, leading to compromised da...