350 matches found
CVE-2012-1054
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login...
PT-2011-1330 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions prior to 6.3.x CRE Loaded version 6.2.14 and earlier Description: The issue allows remote attackers to bypass authentication and gain administrator privileges. This is achieved by sending a request with specific PHP files,...
PT-2009-5715 · Zenas · Zenas Paobacheca Guestbook
Name of the Vulnerable Software and Affected Versions: Zenas PaoBacheca Guestbook version 2.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the login ok parameter to 1 when register globals is enabled...
PT-2007-6213 · Frontaccounting · Frontaccounting
Name of the Vulnerable Software and Affected Versions: FrontAccounting version 1.13 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path to root parameter to specific PHP files, such as "access/login.php" and "includes/lang/language.php", when registe...
PT-2005-2861 · Jiro · Jiro'S Upload System
Name of the Vulnerable Software and Affected Versions: JiRo's Upload System JUS version 1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the login.asp file. Recommendations: For JiRo's Upload System JUS version 1, avoid...
PT-2005-2867 · Wwweb Concepts · Wwweb Concepts Events System
Name of the Vulnerable Software and Affected Versions: WWWeb Concepts Events System version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the login.asp file. This can lead to unauthorized access and manipulation of database...
PT-2005-2863 · Unknown · Livingmailing
Name of the Vulnerable Software and Affected Versions: livingmailing version 1.3 Description: The issue allows remote attackers to execute arbitrary SQL commands via the password in the login.asp file. There is little public information available about the product and its vendor. Recommendations:...
PT-2005-2722 · Ezdwc · Ezdwc Newsletterez
Name of the Vulnerable Software and Affected Versions: ezdwc NewsletterEz version 3.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the password parameter in the "login.asp" file. Recommendations: For ezdwc NewsletterEz version 3.0, conside...
DEBIAN-CVE-2004-1737
SQL injection vulnerability in authlogin.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 username or 2 password parameters...
PT-2002-2745 · Horde · Horde Imp
Name of the Vulnerable Software and Affected Versions: Horde IMP version 2.2.7 Description: The issue allows remote attackers to obtain the full web root pathname via specific HTTP requests. This can be achieved by requesting certain files, including poppassd.php3, login.php3?reason=chpass2,...