Lucene search
K

110 matches found

Positive Technologies
Positive Technologies
added 2007/04/18 12:0 a.m.6 views

PT-2007-3426 · Mobilepublisher · Mobilepublisherphp

Name of the Vulnerable Software and Affected Versions: MobilePublisherphp version 1.1.2 Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the auth method parameter to various PHP files in the admin directory, including "index.php",...

6.8CVSS7.7AI score0.01405EPSS
Exploits0References7
Prion
Prion
added 2007/04/03 4:19 p.m.19 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...

6.8CVSS7.9AI score0.02671EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2006/12/01 12:28 a.m.17 views

CVE-2006-6192

Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are...

7.5CVSS6.4AI score0.01322EPSS
Exploits0References2
CVE
CVE
added 2006/12/01 12:0 a.m.47 views

CVE-2006-6192

CVE-2006-6192 affects 8pixel.net SimpleBlog 3.0 and earlier, where unspecified scripts in the admin directory do not properly authenticate. This allows remote attackers to add users and perform other unauthorized privileged actions. The CVSS metrics indicate NETWORK attack vector, no authenticati...

7.5CVSS6.7AI score0.01322EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.49 views

Advisory: Remote command execution in planetGallery

Advisory: Remote command execution in planetGallery An admin of planetGallery is allowed to create new galleries and upload images. Because of a vulnerable regular expression, he may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP. Details ======= Product...

5.1CVSS7.3AI score0.017EPSS
Exploits1
Cvelist
Cvelist
added 2006/05/05 7:0 p.m.21 views

CVE-2006-2235

CodeMunkyX aka free-php.net Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application...

7.2AI score0.02513EPSS
Exploits1References3
Prion
Prion
added 2006/02/15 11:6 a.m.17 views

Design/Logic Flaw

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests...

10CVSS7.3AI score0.05237EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/02/15 11:6 a.m.19 views

CVE-2006-0697

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests...

10CVSS6.8AI score0.05237EPSS
Exploits0References3
NVD
NVD
added 2006/02/01 10:2 p.m.7 views

CVE-2006-0500

MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL...

7.5CVSS6.7AI score0.01321EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/02/01 10:0 p.m.16 views

CVE-2006-0500

MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL...

6.7AI score0.01321EPSS
Exploits0References2
NVD
NVD
added 2005/12/31 5:0 a.m.14 views

CVE-2005-4653

Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting viewcaricatier.php, and then requesting any file in the admin directory with a cookieusername=admin argument...

5CVSS6.9AI score0.01677EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2005/10/26 12:0 a.m.31 views

AL-Caricatier.txt

Vulnerability in AL-Caricatier,V.2.5 Hello... i found a vulneribility in an program called AL-Caricatier it's an arabic program site: http://www.php-ar.com Vulnerability: Login Bypass GoogleDork: inurl:viewcaricatier. php Vunlerability in an included file called ss.php which resides in the admin...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/10/22 12:0 a.m.42 views

[Full-disclosure] Vulnerability in AL-Caricatier, V.2.5 And Prior Versions

Vulnerability in AL-Caricatier,V.2.5 Hello... i found a vulneribility in an program called AL-Caricatier it's an arabic program site: http://www.php-ar.com Vulnerability: Login Bypass GoogleDork: inurl:viewcaricatier. php Vunlerability in an included file called ss.php which resides in the admin...

0.3AI score
Exploits0
CVE
CVE
added 2005/09/14 4:0 a.m.38 views

CVE-2005-2881

CVE-2005-2881 affects phpCommunityCalendar 4.0.3. Remote attackers can bypass authentication via a direct request to the admin directory. NVD CVSS v2 base score 7.5 (HIGH): NETWORK vector, low attack complexity, no authentication required; confidentiality, integrity, and availability are partiall...

7.5CVSS7.5AI score0.01843EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2005/09/14 4:0 a.m.17 views

CVE-2005-2881

phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory...

7.1AI score0.01843EPSS
Exploits1References3
securityvulns
securityvulns
added 2005/09/07 12:0 a.m.248 views

phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting

phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2005/08/23 12:0 a.m.9 views

PHPMyFAQ 1.5.1 - Password.php SQL Injection

PHPMyFAQ 1.5.1 - Password.php SQL Injection source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could...

Exploits0
securityvulns
securityvulns
added 2005/07/29 12:0 a.m.24 views

Website Baker Project Multiple Vulnerabilities

---------------------------------------------------------- Website Baker Project Multiple Vulnerabilities ---------------------------------------------------------- Vulnerabilities --------------- 1 admin/media/browse.php The "dir" parameter is vulnerable to xss. Also the script blocks ../ but if...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2005/07/21 12:0 a.m.37 views

Multiple Vulnerabilities in PHP Surveyor

----------------------------------------------------------- Multiple Vulnerabilities in PHP Surveyor version 0.98 stable ------------------------------------------------------------ Summary: PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures. Details:...

1.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/21 12:0 a.m.131 views

osCommerce update.php readme_file Parameter Arbitrary File Disclosure

The osCommerce installation on the remote host has a supplementary script, 'extras/update.php', that fails to validate user-supplied input to the 'readmefile' parameter before using that to display a file. An attacker can exploit this flaw to read arbitrary files on the remote host, such as the...

5CVSS5.8AI score0.096EPSS
Exploits1References2
Rows per page
Query Builder