CVE-2004-0358

Cross-site scripting XSS vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via 1 the mainnews parameter in admin.php, 2 the expand parameter in admin.php, 3 the id parameter in admin.php, 4 the catid parameter in admin.php, or 5 a...

Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. All...

PHP-Nuke 6.6 - admin.php SQL Injection

PHP-Nuke 6.6 - admin.php SQL Injection source: https://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the...

PHP-Nuke 6.6 - 'admin.php' SQL Injection

source: https://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the admin.php file, specifically when...

CVE-2003-0588

admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password...

Invision Power Board (IP.Board) 1.0/1.1/1.2 - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/8381/info Invision Power Board admin.php script reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in an Invision Power Board script on user-influenced URI...

miniPortail (PHP) : Admin Access

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.aldweb.com/ Version : 1.9, 2.0, 2.1, 2.2 and less ? Problem : Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/admin.php :...

PT-2003-1480 · Unknown · Miniportail

Name of the Vulnerable Software and Affected Versions: miniPortail affected versions not specified Description: The issue allows remote attackers to gain administrative privileges. This is achieved by setting the miniPortailAdmin cookie to an "adminok" value in the admin.php file. Recommendations...

CVE-2001-1032

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to...

CVE-2002-0491

The CVE-2002-0491 entry concerns AlGuest 1.0 guestbook’s admin.php authentication, which incorrectly relies on the existence of an admin cookie. An attacker can set the admin cookie to an arbitrary value, bypassing authentication and gaining administrative privileges. The vulnerability is web‑acc...

CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHPSELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user...

CVE-2001-0854

CVE-2001-0854 affects PHP-Nuke 5.2. An attacker can copy and delete arbitrary files by invoking case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes case.filemanager.php appear to be called by admin.php. The description documents the vulnerability mechan...

CVE-2001-1032

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to...