Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter in a setup action to admin/company.php, or the PATHINFO to 2 admin/securityother.php, 3 admin/events.php, or 4 admin/user.php...

CVE-2008-6966

AJ Square AJ Auction Pro Platinum Skin 1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php...

Authentication flaw

AJ Square AJ Auction Pro Platinum Skin 1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php...