1599 matches found

Cvelist
added 2006/03/09 12:0 a.m., 19 views

CVE-2006-1083

Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...

AI score: 7.3, EPSS: 0.02163
Exploits: 1, References: 8

Cvelist
added 2006/03/09 12:0 a.m., 23 views

CVE-2006-1087

Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...

AI score: 7.6, EPSS: 0.01737
Exploits: 1, References: 8

CVE
added 2006/03/09 12:0 a.m., 43 views

CVE-2006-1083

CVE-2006-1083 describes multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier. The flaws allow remote attackers to read (and possibly execute) arbitrary files by supplying a .. (dot dot) in parameters such as option[language] and option[template], targeting admin.php and o...

CVSS: 7.5, AI score: 7.4, EPSS: 0.02163
Exploits: 1, References: 8, Affected Software: 1

securityvulns
added 2006/03/05 12:0 a.m., 58 views

PHP-Stats <= 0.1.9.1 remote commands execution

------------- PHP-Stats = 0.1.9.1 remote commands execution ------------------- software: site: http://www.phpstats.net/ description: Open source statistical package for PHP enabled web sites -------------------------------------------------------------------------------- i vulnerable code in...

AI score: 0.2
Exploits: 0

NVD
added 2006/02/20 10:2 p.m., 16 views

CVE-2006-0801

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php...

CVSS: 5.1, AI score: 8.4, EPSS: 0.01188
Exploits: 0, References: 7

Prion
added 2006/01/16 7:3 p.m., 13 views

Design/Logic Flaw

admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter...

CVSS: 5, AI score: 6.8, EPSS: 0.01496
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2006/01/16 7:3 p.m., 10 views

CVE-2006-0215

Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00969
Exploits: 1, References: 2

CVE
added 2006/01/16 7:0 p.m., 50 views

CVE-2006-0215

CVE-2006-0215 corresponds to an XSS vulnerability in QualityEBiz Quality PPC (QPPC) 1.0 build 1644, specifically in admin.php where the cpage parameter can be exploited to inject arbitrary script/HTML. The description notes this issue may be a result of CVE-2006-0216, indicating potential overlap...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00969
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2006/01/16 7:0 p.m., 17 views

CVE-2006-0215

Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216...

AI score: 5.6, EPSS: 0.00969
Exploits: 1, References: 2

NVD
added 2005/12/31 5:0 a.m., 9 views

CVE-2005-2466

Multiple SQL injection vulnerabilities in the authuser function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...

CVSS: 6.4, AI score: 8.7, EPSS: 0.01201
Exploits: 1, References: 6

NVD
added 2005/12/29 11:3 a.m., 10 views

CVE-2005-4572

Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS: 7.5, AI score: 8.2, EPSS: 0.01214
Exploits: 0, References: 4

Cvelist
added 2005/12/29 11:0 a.m., 19 views

CVE-2005-4572

Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

AI score: 8.2, EPSS: 0.01214
Exploits: 0, References: 4

NVD
added 2005/11/16 7:42 a.m., 14 views

CVE-2005-3550

Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter...

CVSS: 5, AI score: 6.7, EPSS: 0.06278
Exploits: 0, References: 4

CVE
added 2005/11/16 7:37 a.m., 43 views

CVE-2005-3547

CVE-2005-3547 affects Invision Power Board 2.1. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via multiple input fields (e.g., adsess, name, description in admin.php, ACP Notes, Member Name, Password, Email Address, Comp...

CVSS: 4.3, AI score: 6, EPSS: 0.02711
Exploits: 0, References: 13, Affected Software: 1

CVE
added 2005/11/16 7:37 a.m., 55 views

CVE-2005-3550

CVE-2005-3550 affects toendaCMS prior to 0.6.2, where the admin.php engine allows directory traversal via the id_user parameter, enabling remote access to arbitrary files. Connected sources also document additional vulnerabilities in toendaCMS

CVSS: 5, AI score: 6.8, EPSS: 0.06278
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2005/11/16 7:37 a.m., 19 views

CVE-2005-3547

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other...

AI score: 5.8, EPSS: 0.02711
Exploits: 0, References: 13

Cvelist
added 2005/11/16 7:37 a.m., 21 views

CVE-2005-3550

Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter...

AI score: 6.7, EPSS: 0.06278
Exploits: 0, References: 4

Cvelist
added 2005/11/16 7:37 a.m., 17 views

CVE-2005-3588

SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field...

AI score: 8.5, EPSS: 0.01211
Exploits: 0, References: 4

securityvulns
added 2005/11/08 12:0 a.m., 36 views

[SA17471] toendaCMS Disclosure of Sensitive Information

TITLE: toendaCMS Disclosure of Sensitive Information SECUNIA ADVISORY ID: SA17471 VERIFY ADVISORY: http://secunia.com/advisories/17471/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: toendaCMS 0.x http://secunia.com/product/6059/ DESCRIPTION:...

AI score: 1.2
Exploits: 0

Exploit DB
added 2005/11/07 12:0 a.m., 22 views

Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/15344/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...

AI score: 7.4
Exploits: 0