PHP-Nuke <= 5.2 Arbitrary File Upload Vulnerability

PHP-Nuke is prone to an arbitrary file upload vulnerability in admin.php. SPDX-FileCopyrightText: 2001 SecurITeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

CVE-2005-3082

SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the userpasssha1 value in a cookie...

CVE-2005-3082

SEO-Board 1.0.2 contains a SQL injection in admin.php exploitable via the user_pass_sha1 value in a cookie, allowing remote arbitrary SQL execution. The vulnerability details come from CVE-2005-3082/NVD; CVSS v2 base score 7.5 (HIGH) with network/low complexity, no authentication required, and pa...

CVE-2005-3082

SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the userpasssha1 value in a cookie...

SEO-Board < 1.03 admin.php user_pass_sha1 Cookie SQL Injection

Binary data 3242.prm...

CVE-2005-2699

CVE-2005-2699 concerns PHP-Kit 1.6.1 where an unrestricted file upload in admin/admin.php via images.php allows uploading a .php file to content/images/ and executing arbitrary PHP code. The vulnerability requires the attacker to be a remote authenticated administrator, implying privilege within ...

CVE-2004-2443

The CVE affects Jaws 0.3. An authentication bypass is possible via an HTTP request to admin.php where the cookie is set to the MD5 hash of a null password; this is compared against the logged session variable in application.php’s logged_on function. This yields a likely auth bypass with partial c...

CVE-2004-2443

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the loggedon function in application.php...

Multiple Vulnerabilities in PHP Surveyor

----------------------------------------------------------- Multiple Vulnerabilities in PHP Surveyor version 0.98 stable ------------------------------------------------------------ Summary: PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures. Details:...

CVE-2005-2332

CVE-2005-2332 describes a cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter to admin.php or login.php. The provided sources confirm the affected product/version and the vulnerable ...

CVE-2005-2203

CVE-2005-2203 affects phpWishlist prior to 0.1.15. The vulnerability allows remote attackers to bypass authentication by issuing a direct request to admin.php, enabling access without valid credentials. Root cause details are not provided in the documents beyond the bypass vector. Impact is descr...

CVE-2005-2203

login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php...

CVE-2005-2203

login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php...

CVE-2004-2180

WowBB Forum 1.61 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow attackers to inject arbitrary script/HTML via numerous vectors: country (view_user.php), show (view_forum.php), letter (view_user.php), highlight (view_topic.php), show (inde...

CVE-2005-1998

CVE-2005-1998 is a directory traversal vulnerability affecting McGallery 1.1, where the lang parameter can be exploited with .. to read arbitrary files from the server. The commonly cited references (NVD, CVE List, CVE.org) confirm the issue and the affected product/version, but the materials do ...

CVE-2005-1803

CVE-2005-1803 affects Net Portal Dynamic System (NPDS) 5.0. The description lists multiple XSS vectors: via the language parameter to admin.php or powerpack_f.php; the sitename parameter to sdv_infos.php; the categories parameter to faq.php; the lettre parameter to the glossaire module; the title...

CVE-2005-1803

Multiple cross-site scripting XSS vulnerabilities in Net Portal Dynamic System NPDS 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to 1 admin.php, or 2 powerpackf.php, 3 the sitename parameter to sdvinfos.php, 4 the categories parameter to faq.php, 5...

CVE-2004-1842

PHP-Nuke 6.x through 7.1.0 is affected by a CSRF that lets an attacker gain administrative privileges via an image tag pointing to admin.php. The PT-2004-2741 entry confirms the issue and recommends upgrading to a version containing the fix; no specific fixed version is provided in the sources.

CVE-2004-1842

Cross-site request forgery CSRF vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php...

CVE-2005-1049

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 module parameter to admin.php or 2 op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...