SudBox Boutique 1.2 - login.php Authentication Bypass

SudBox Boutique 1.2 - login.php Authentication Bypass source: https://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically...

Py-Membres 4.0 - SQL Injection

source: https://www.securityfocus.com/bid/7301/info A vulnerability has been reported for Py-Membres 4.0 that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the login.php file included with Py-Membres. Because of this, a...

CVE-2002-0995

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table...

CVE-2002-0995

PHPAuction's login.php is vulnerable: a direct call with action=insert allows remote attackers to add a username to the adminUsers table, effectively gaining privileges. The CVE entry documents this privilege escalation and labels it high severity (CVSS v2 base score 7.5). The provided sources co...

phpAuction 12 - Unauthorized Administrative Access

phpAuction 12 - Unauthorized Administrative Access source: https://www.securityfocus.com/bid/5141/info PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine. A flaw in /admin/login.php has been reported in PHPAuction, whic...