177 matches found
CVE-2008-6789
CVE-2008-6789 : A SQL injection vulnerability affects MindDezign Photo Gallery 2.2. The vulnerability is triggered by the username parameter in the login action to the admin module in index.php, allowing remote attackers to execute arbitrary SQL commands. This is a different vector from CVE-2008-...
CVE-2008-6790
CVE-2008-6790 affects MindDezign Photo Gallery 2.2, where the admin module allows remote attackers to add administrative users and obtain privileges by submitting a modified username parameter in an edit account action to index.php. The NVD entry cites a base score of 5.1 (MEDIUM) with network at...
CVE-2009-1458
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action...
CVE-2008-6596
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Nortel Networks SRG V16 - admin_modules.php?module Traversal Local File Inclusion
Nortel Networks SRG V16 - admin_modules.php?module Traversal Local File Inclusion. Source: https://www.securityfocus.com/bid/30687/info Navboard is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability. An attacker can exploit the local file-include...
SQL injection
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/adminframe.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e)...
CVE-2008-2533
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/adminframe.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e)...
PT-2007-6241 · Frontaccounting · Frontaccounting
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7)...
CVE-2007-4741
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
SQL injection
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group...
CVE-2007-2248
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in the groups module or (2) the smileyid parameter in the smileys modsettings module...
CVE-2007-2191
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...
CVE-2007-0372
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) adclass, (3) imageurl, (4) clickurl, (5) adcode, or (6) position parameter in modules/Advertising/admin/index.php;...
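Yappa-NG Admin_Module_Deldir.Inc.PHP Remote File Inclusion Vulnerability
Yappa-NG is a PHP-based web application. Yappa-NG does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Admin_Module_Deldir.Inc.PHP' script does not filter the user-supplied 'configpathsrcinclude' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. yappa-ng yappa-ng 2.3.1 yappa-ng yappa-ng 2.3.0 yappa-ng yappa-ng 2.2.2 yappa-ng yappa-ng 2.2.1 yappa-ng yappa-...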
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit. Critical Level : Dangerous Vendor site :...
Directory traversal
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue;...