110 matches found
PT-2007-3426 · Mobilepublisher · Mobilepublisherphp
Name of the Vulnerable Software and Affected Versions: MobilePublisherphp version 1.1.2 Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the auth method parameter to various PHP files in the admin directory, including "index.php",...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2006-6192
Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are...
CVE-2006-6192
CVE-2006-6192 affects 8pixel.net SimpleBlog 3.0 and earlier, where unspecified scripts in the admin directory do not properly authenticate. This allows remote attackers to add users and perform other unauthorized privileged actions. The CVSS metrics indicate NETWORK attack vector, no authenticati...
Advisory: Remote command execution in planetGallery
Advisory: Remote command execution in planetGallery An admin of planetGallery is allowed to create new galleries and upload images. Because of a vulnerable regular expression, he may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP. Details ======= Product...
CVE-2006-2235
CodeMunkyX aka free-php.net Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application...
Design/Logic Flaw
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests...
CVE-2006-0697
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests...
CVE-2006-0500
MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL...
CVE-2006-0500
MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL...
CVE-2005-4653
Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting viewcaricatier.php, and then requesting any file in the admin directory with a cookieusername=admin argument...
AL-Caricatier.txt
Vulnerability in AL-Caricatier,V.2.5 Hello... i found a vulneribility in an program called AL-Caricatier it's an arabic program site: http://www.php-ar.com Vulnerability: Login Bypass GoogleDork: inurl:viewcaricatier. php Vunlerability in an included file called ss.php which resides in the admin...
[Full-disclosure] Vulnerability in AL-Caricatier, V.2.5 And Prior Versions
Vulnerability in AL-Caricatier,V.2.5 Hello... i found a vulneribility in an program called AL-Caricatier it's an arabic program site: http://www.php-ar.com Vulnerability: Login Bypass GoogleDork: inurl:viewcaricatier. php Vunlerability in an included file called ss.php which resides in the admin...
CVE-2005-2881
CVE-2005-2881 affects phpCommunityCalendar 4.0.3. Remote attackers can bypass authentication via a direct request to the admin directory. NVD CVSS v2 base score 7.5 (HIGH): NETWORK vector, low attack complexity, no authentication required; confidentiality, integrity, and availability are partiall...
CVE-2005-2881
phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory...
phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting
phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...
PHPMyFAQ 1.5.1 - Password.php SQL Injection
PHPMyFAQ 1.5.1 - Password.php SQL Injection source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could...
Website Baker Project Multiple Vulnerabilities
---------------------------------------------------------- Website Baker Project Multiple Vulnerabilities ---------------------------------------------------------- Vulnerabilities --------------- 1 admin/media/browse.php The "dir" parameter is vulnerable to xss. Also the script blocks ../ but if...
Multiple Vulnerabilities in PHP Surveyor
----------------------------------------------------------- Multiple Vulnerabilities in PHP Surveyor version 0.98 stable ------------------------------------------------------------ Summary: PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures. Details:...
osCommerce update.php readme_file Parameter Arbitrary File Disclosure
The osCommerce installation on the remote host has a supplementary script, 'extras/update.php', that fails to validate user-supplied input to the 'readmefile' parameter before using that to display a file. An attacker can exploit this flaw to read arbitrary files on the remote host, such as the...