1445 matches found
CVE-2009-0739
CVE-2009-0739 affects the MyNews 0.10 web application, specifically the login.php component. The vulnerability is a SQL injection in the authentication path, exploitable through the parameters (1) username and (2) passwd, enabling remote attackers to execute arbitrary SQL commands. The CVSS metri...
CVE-2009-0740
SQL injection vulnerability in login.php of BlueBird Prelease can be exploited via (1) username and (2) passwd parameters to execute arbitrary SQL commands. Root cause is improper input handling in the login routine, enabling remote attackers to manipulate queries. Impact per the record indicates...
CVE-2009-0710
Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2009-0710
CVE-2009-0710: The connected documents describe two cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6. An attacker can inject arbitrary script or HTML via (1) the user parameter to login.php and (2) the dbfield parameter to filter.php. The notes do not provide details on affected ver...
CVE-2009-0709
The CVE-2009-0709 entry describes a SQL injection vulnerability in PHPFootball 1.6, specifically in login.php where the user parameter can be used by remote attackers to execute arbitrary SQL commands. Affected component: PHPFootball 1.6 (login.php). Underlying cause: unsanitized user input leadi...
Oracle Secure Backup Multiple Command Injections (CVE-2008-4006; CVE-2008-5448; CVE-2008-5449)
Oracle Database Server is an enterprise-level relational database application suite. Oracle Secure Backup Administration Server provides a single point of data management across network attached storage (NAS) devices and distributed hosts. Several command injection vulnerabilities were reported in...
CVE-2008-6236
CVE-2008-6236 is a SQL injection in the login.php of Simple Document Management System (SDMS) versions 1.1.5 and 1.1.4 (and possibly earlier). The vulnerability allows remote attackers to inject arbitrary SQL commands via the login parameter, enabling potential data compromise. The entry notes pr...
CVE-2008-6236
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2008-6220
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter...
CVE-2008-6220
CVE-2008-6220 affects Simple Document Management System (SDMS) versions 1.1.5 and 1.1.4 (and possibly earlier). The vulnerability is a SQL injection in login.php that allows remote attackers to execute arbitrary SQL commands via the pass parameter. Root cause: unsanitized user input fed into a SQ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
CVE-2008-6127
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
CVE-2008-6127
CVE-2008-6127 affects moziloCMS
AuthPhp 1.0 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. 0x01 Informations: Name : AuthPhp 1.0 Download : http://frankmancuso.ca/downloads/authphp/authphp-stable-1.0.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code...
Mynews 0_10 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. 0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code...
CVE-2009-0493
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username...
AuthPhp 1.0 SQL Injection
0x01 Informations: Name : AuthPhp 1.0 Download : http://frankmancuso.ca/downloads/authphp/authphp-stable-1.0.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code $username = $_POST['username']; $passwd =...
BlueBird Pre-Release SQL Injection
0x01 Informations: Name : BlueBird Pre-Release Download : http://downloads.sourceforge.net/bluebird/bluebirdpre.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code if $request == "POST" $username =...
AuthPhp 1.0 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. AuthPhp 1.0 Auth Bypass SQL Injection Vulnerability. 0x01 Informations: Name : AuthPhp 1.0 Download :...