245 matches found
Cross site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in admin/managerusers.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the saveadmin action to admin/index.php...
Azeno CMS SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Azeno CMS SQL Injection Vulnerability. Vulnerable file: http://127.0.0.1/admin/index.php?id=SQL Exploit: -1 UNION SELECT 1,2,3,4,5,6,7 FROM dcuser Example...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php...
CVE-2009-4561
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters...
moziloCMS Multiple Cross Site Scripting Vulnerabilities
The host is running moziloCMS and is prone to Multiple Cross Site Scripting Vulnerabilities. OpenVAS Vulnerability Test $Id: gbmoziloCMSmultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ moziloCMS Multiple Cross Site Scripting Vulnerabilities. Authors: Antu Sanadi. Copyright: Copyright (c) 2009...
Bitrix Site Manager Remote File Inclusion
Author: Don Tukulesto + Date: November 13, 2009 + Homepage: http://www.indonesiancoder.com + Vendor: http://www.bitrixsoft.com/ + Method: Remote File Inclusion + Location: INDONESIA. Notes: I know this is an old bugs, but I just write this exploit under perl module...
Bitrix Site Manager Multiple Remote File Include Vulnerability
No description provided by source. + Author: Don Tukulesto + Date: November 13, 2009 + Homepage: http://www.indonesiancoder.com + Vendor: http://www.bitrixsoft.com/ + Method: Remote File Inclusion + Location: INDONESIA. Notes: I know this is an old bugs, but I just...
CVE-2009-3667
CVE-2009-3667 affects AdsDX 3.05. A SQL injection in admin/index.php via the Username parameter allows remote attackers to execute arbitrary SQL commands. Root cause: insufficient input validation/escaping enabling injection. Impact per sources: attacker could potentially access/modify data (part...
CVE-2009-3315
The affected software is NeLogic Nephp Publisher Enterprise (versions 3.5.9 and 4.5). The vulnerability is a SQL injection in admin/index.php via the Username field, caused by improper handling of input in the web application. This allows remote attackers to execute arbitrary SQL commands, with t...
Authentication flaw
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMINHora, ADMINLogado, and ADMINNome cookies to certain values, as reachable in Admin/index.php...
CVE-2008-7179
OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMINHora, ADMINLogado, and ADMINNome cookies to certain values, as reachable in Admin/index.php...
CVE-2009-2340
CVE-2009-2340 affects Opial 1.0: the admin/index.php module is vulnerable to SQL injection via the txtUserName (User Name) parameter, enabling remote execution of arbitrary SQL commands. Some sources also mention txtPassword and other parameters, but the core detail is the improper input filterin...
tsep 0.942.02 - Multiple Vulnerabilities
tsep 0.942.02 - Multiple Vulnerabilities TSEP "0" && $percent = "100" 62: $sqlins = "INSERT INTO $dbtablename alttag,display,valuepercent,imageshow,comment 63: VALUES '$alt','$display',...
CVE-2009-2018
CVE-2009-2018 is a SQL injection vulnerability in the admin/index.php of Jared Eckersley’s MyCars. When magic_quotes_gpc is disabled, an attacker can craft the authuserid parameter to execute arbitrary SQL commands. The NVD entry rates it as a Medium impact (CVSSv2 6.8) with partial impact on con...
CVE-2009-1813
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field)...
CVE-2009-1813
CVE-2009-1813 affects Submitter Script 2, specifically the admin/index.php component. It is vulnerable to SQL injection through two parameters, uNev (username) and uJelszo (password), allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSS v2 base score of 7.5 (HIG...
CVE-2009-1804
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters...
CVE-2009-1804
CVE-2009-1804 refers to multiple SQL injection vulnerabilities in VideoScript.us YouTube Video Script, specifically in admin/index.php, where the attacker can manipulate the (1) username and (2) password parameters to execute arbitrary SQL commands remotely. The affected software/function is the ...
SQL injection
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php...
SQL injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to...