Advanced Guestbook 2.3.1 (Admin.php) Remote File Include

Advanced Guestbook 2.3.1 Admin.php Remote File Include Author: BrokeN-ProXy Script : admin.php Found : www.hotscripts.com Risk : Dangerous Dork : "powered by: Advanced Guestbook 2.3.1" Exploit: www.Site.com/AGuest Path/admin.php?includepath=Shell?cmd Notice: AGuest Path may be more than One, You...

P-Book <= 1.17 (pb_lang) Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== P-Book = 1.17 pblang Remote File Inclusion Vulnerabilities ============================================================== \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / ...

P-Book 1.17 - &#039;pb_lang&#039; Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV56$2006 ------------------------------------------------------------------------------ ECHOADV56$2006 P-Book = 1.17 pblang Remote File Inclusion...

CVE-2006-5451

Multiple cross-site scripting XSS vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 action, 2 file, and 3 users array variables in a admin.php, which are not properly handled when the administrator views the Activity Log; and the 4 torrent...

CVE-2006-5451

CVE-2006-5451 describes multiple XSS flaws in TorrentFlux 2.1. The vulnerabilities allow remote attackers to inject arbitrary script/HTML via: (1) admin.php parameters (action, file, users array) when viewing the Activity Log, and (2) startpop.php torrent parameter used by displayName. The vector...

Easynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability

Exploit for unknown platform in category web applications ================================================================= Easynews = 4.4.1 admin.php Authentication Bypass Vulnerability =================================================================...

Easynews &lt;= 4.4.1 (admin.php) Authentication Bypass Vulnerability

No description provided by source. +------------------------------------------------------------------------------------------- + Easynews = 4.4.1 admin.php Authentication Bypass Vulnerability +------------------------------------------------------------------------------------------- + Affected...

Easynews 4.4.1 - admin.php Authentication Bypass

Easynews 4.4.1 - admin.php Authentication Bypass +------------------------------------------------------------------------------------------- + Easynews +------------------------------------------------------------------------------------------- + Details: + Easynews doesn't properly check to...

YaBBSM 3.0.0 (Offline.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================ YaBBSM 3.0.0 Offline.php Remote File Include Vulnerability ============================================================ DESCRIPTION Remote file include vuln found by sZ oct 09,...

CVE-2006-5227

Cross-site scripting XSS vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via 1 the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly 2 the $ipresolved variable...

CVE-2006-5227

Cross-site scripting XSS vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via 1 the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly 2 the $ipresolved variable...

CVE-2006-5227

CVE-2006-5227 describes a cross-site scripting (XSS) vulnerability in TorrentFlux 2.1, specifically in admin.php, where an attacker can inject arbitrary script or HTML via the $user_agent value (likely from the User-Agent header) and possibly the $ip_resolved variable. The connected sources reaff...

CVE-2006-5227

Cross-site scripting XSS vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via 1 the $useragent variable, probably obtained from the User-Agent HTTP header, and possibly 2 the $ipresolved variable...

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

CVE-2006-4957

CVE-2006-4957 corresponds to a SQL injection in MyReview 1.9.4. The GetMember function in functions.php fails to sanitize the email parameter used by Admin.php, enabling remote attackers to execute arbitrary SQL. Exploitation details are supported by multiple sources (NVD/Nessus references). The ...

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

CVE-2006-4827

Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to 1 admin.php, 2 chart.php, 3 modes.php, or 4 stats.php...

CVE-2006-4794

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...

CVE-2006-4328

SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...

CVE-2006-4328

CloudNine Interactive Links Manager 2006-06-12 is affected by an SQL injection in admin.php via the nick parameter when magic_quotes_gpc is off. The vulnerability allows remote attackers to execute arbitrary SQL commands, as documented in multiple sources (eVuln/SECURITYVULNS entries). The issue ...