1599 matches found
CVE-2006-2527
CVE-2006-2527 affects phpBazar 2.1.0 and earlier. The vulnerability in Admin/admin.php allows remote attackers to bypass authentication and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. The description indicates...
BoastMachine 3.1 - admin.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/18012/info. BoastMachine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute...
Design/Logic Flaw
PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php...
CVE-2006-2084
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php...
CVE-2006-2091
admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwarroot parameter, which reveals the path in an error message...
CVE-2006-1853
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php...
SQL injection
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-1755
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-1755
MD News 1 admin.php is affected by an SQL injection in the id parameter that allows remote attackers to run arbitrary SQL. Root cause: improper handling of input leading to SQL injection. Impact: potential unauthorized data exposure or modification; exploitation is remote over the network with lo...
SQL injection
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters...
CVE-2006-1710
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters...
CVE-2006-1710
CVE-2006-1710: SQL injection vulnerability in admin.php of Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. The affected software appears to be Design Nation DNGuestbook 2.0, with the injection point in admin.php. The...
SQL injection
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php...
CVE-2006-1543
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php...
CVE-2006-1276
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie...
Directory traversal
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) optionlanguage and (2) optiontemplate parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...
CVE-2006-1087
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
MyBloggie: Multiple XSS Vulnerabilities
MyBloggie: Multiple XSS Vulnerabilities. Technical University of Vienna Security Advisory TUVSA-0603-002, March 9, 2006...