245 matches found
CVE-2008-6596
CVE-2008-6596 affects PHCDownload 1.1, specifically the admin/index.php component. The vulnerability is a SQL injection via the hash parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact per the CVE is partial confidentiality, integrity, and availability exposu...
CVE-2009-1038
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) imageid parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php...
CVE-2008-6272
Dragan Mitic Apoll web app (0.7 beta and 0.7.5) contains an SQL injection in admin/index.php. The vulnerability arises from insufficient input sanitization of the pass parameter, enabling remote attackers to manipulate SQL commands. Affected component: admin/index.php; vulnerable vector is user-s...
CVE-2008-6270
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL commands via the user parameter...
CVE-2009-0707
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information...
CVE-2009-0707
CVE-2009-0707 is a SQL injection vulnerability in PowerClan 1.14a, specifically in admin/index.php where the loginemail parameter (login field) can be used to execute arbitrary SQL commands. The available connected documents confirm the affected component (admin/index.php), the software/version (...
CVE-2009-0597
CVE-2009-0597 describes an SQL injection in the w3b>cms (aka w3blabor CMS) admin/index.php before version 3.4.0, exploitable when magic_quotes_gpc is disabled. A remote attacker can inject SQL via the benutzername (Username) field in the login action, potentially executing arbitrary SQL comman...
SQL injection
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php...
CVE-2008-6104
Summary of CVE-2008-6104 (A4Desk Event Calendar SQLi). Affects: A4Desk PHP Event Calendar. Vulnerability: SQL injection via the eventid parameter to admin/index.php, caused by insufficient input sanitization. Impact: Remote attackers could execute arbitrary SQL commands (partial confidentiality/ int...
Directory traversal
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php...
SQL injection
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained fro...
CVE-2008-5927
CVE-2008-5927 describes multiple SQL injection vulnerabilities in FlexPHPNews 0.0.6, specifically in admin/usercheck.php. The attack surface is the login path at admin/index.php, where user-supplied inputs in the checkuser (username) and checkpass (password) parameters appear to be unsafely handl...
phpList <= 2.10.8 Variable Overwriting
The version of phpList installed on the remote host emulates PHP's 'register_globals' functionality insecurely in its 'admin/index.php' script. Provided PHP's 'register_globals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...
w3bcms - '/admin/index.php' SQL Injection
source: https://www.securityfocus.com/bid/33310/info The 'w3bcms' application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
phpList 2.10.8 - Local File Inclusion
phpList 2.10.8 - Local File Inclusion www.BugReport.ir AmnPardaz Security Research Team Title: phpList Local File inclusion Vendor: http://www.phplist.com Bug: Local File Inclusion Vulnerable Version: 2.10.8 prior versions also may be affected Exploitation: Remote with browser Fix: N/A Original...
CVE-2008-5306
An SQL injection vulnerability exists in PG Real Estate Solution: admin/index.php accepts the login_lg (username) parameter in a way that allows remote attackers to execute arbitrary SQL commands. The issue is tied to the login handling code and carries a CVSS v2 base score of 7.5 (HIGH) with par...
CVE-2008-5307
CVE-2008-5307: A SQL injection vulnerability exists in admin/index.php of the PG Roommate Finder Solution, exploitable via the login_lg parameter. The flaw enables remote attackers to execute arbitrary SQL commands. The NVD entry notes this as a high-severity issue (CVSSv2 base score 7.5; AV:N/AC...
CVE-2008-5131
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to articledetails.php, and the (2) username and (3) password to the admin panel (admin/index.php)...
CVE-2008-5047
The CVE-2008-5047 entry describes an SQL injection vulnerability in Mole Group Rental Script, specifically in admin/index.php where the username parameter can be exploited to execute arbitrary SQL commands. Affected software/component: Mole Group Rental Script’s admin/index.php. Root cause: impro...
accstatistics-insecure.txt
Discovered by : Hakxer Type Gap : AccStatistics v1.1 Insecure Cookie Handling Script : http://www.accscripts.com/accstatistics.html...