245 matches found

NVD
added 2007/08/03 9:17 p.m. · 19 views

CVE-2007-4156

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

7.5 CVSS · 8.6 AI score · 0.01512 EPSS
Exploits 0 · References 7
Cvelist
added 2007/08/03 9:0 p.m. · 20 views

CVE-2007-4156

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...

8.6 AI score · 0.01512 EPSS
Exploits 0 · References 7
Packet Storm
added 2007/07/31 12:0 a.m. · 27 views

woliocms-sql.txt

wolioCMS - SQL Injection and Bypass Administrator Login Vendor : http://www.buton.web.id/member.php?member=anon Download : http://www.buton.web.id/download/woliocms.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg @irc.dal.net This exploit succeeds if...

7.4 AI score
Exploits 0
Prion
added 2007/07/15 11:30 p.m. · 7 views

Sql injection

SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5 CVSS · 8.8 AI score · 0.00288 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2007/07/15 11:0 p.m. · 37 views

CVE-2007-3789

The CVE-2007-3789 issue affects Inmostore 4.0, specifically the admin/index.php entry point. The vulnerability is a SQL injection in the Password field that permits remote attackers to execute arbitrary SQL commands. The available documents confirm the affected component (admin/index.php) and the...

7.5 CVSS · 8.1 AI score · 0.00288 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2007/07/10 1:0 a.m. · 37 views

CVE-2007-3643

CVE-2007-3643 affects AV Arcade 2.1b. The vulnerability arises in admin/index.php where the ava_userid cookie value of 1 grants administrative privileges, enabling remote attackers to perform certain admin actions. The root cause is improper authentication/authorization tied to the ava_userid coo...

10 CVSS · 6.7 AI score · 0.01048 EPSS
Exploits 0 · References 5 · Affected Software 1
Prion
added 2007/04/30 11:19 p.m. · 14 views

Code injection

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig...

10 CVSS · 7.5 AI score · 0.05972 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2007/04/19 10:0 a.m. · 24 views

CVE-2007-2155

Directory traversal vulnerability in template.php in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php...

6.6 AI score · 0.04248 EPSS
Exploits 0 · References 5
CVE
added 2007/04/18 10:0 a.m. · 40 views

CVE-2007-2105

CVE-2007-2105 affects Monkey CMS 0.0.3. The vulnerability is a directory traversal in admin/index.php that lets an attacker cause local-file inclusion and execution by supplying … in the admin_skin parameter, enabling arbitrary code execution on the server. The NVD entry reports a CVSS v2 base sc...

7.5 CVSS · 7.1 AI score · 0.00607 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2007/04/10 11:19 p.m. · 13 views

CVE-2007-1935

PHP file inclusion vulnerability in admin/index.php in ScarAdControl ScarAdController 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function...

6.8 CVSS · 7.3 AI score · 0.01084 EPSS
Exploits 0 · References 2
securityvulns
added 2007/04/03 12:0 a.m. · 46 views

2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability

2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability Script: 2BGal Version: 3.1.1 Download: http://www.ben3w.com/multimedia/2bgal.zip Discover: BorN To K!LL Bug in:...

1.2 AI score
Exploits 0
NVD
added 2007/03/02 9:18 p.m. · 15 views

CVE-2006-7072

Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) busername and (2) c parameters to (a) index.php, the busername parameter to (b) admin/index.php, and (3) cphone parameter to register.php...

4.3 CVSS · 5.7 AI score · 0.11605 EPSS
Exploits 1 · References 9
Prion
added 2007/03/02 9:18 p.m. · 11 views

Directory traversal

Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third part...

5 CVSS · 7.4 AI score · 0.04583 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2007/02/27 6:0 p.m. · 22 views

CVE-2006-7072

Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) busername and (2) c parameters to (a) index.php, the busername parameter to (b) admin/index.php, and (3) cphone parameter to register.php...

5.7 AI score · 0.11605 EPSS
Exploits 1 · References 9
Cvelist
added 2006/12/07 1:0 a.m. · 16 views

CVE-2006-6347

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector...

6.5 AI score · 0.00611 EPSS
Exploits 0 · References 3
seebug.org
added 2006/11/09 12:0 a.m. · 14 views

iPrimal Forums (admin/index.php) Remote File Include Vulnerability

No description provided by source. iPrimal Forums Remote File Inclusion Download: http://ipigroup.org/downloads/forums.zip Found by Bl0od3r Vulnerable Code: line 126-129 ..... if ($_GET['p'] == '') echo 'Please select an item from the menu above.'; else include($_GET['p'].'.php'); ..... Affected File:...

7.1 AI score
Exploits 0
Cvelist
added 2006/11/07 11:0 p.m. · 13 views

CVE-2006-5787

admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chkadmin.php...

7 AI score · 0.12523 EPSS
Exploits 1 · References 5
CVE
added 2006/09/28 12:0 a.m. · 81 views

CVE-2006-5068

This CVE (CVE-2006-5068) is a PHP remote file inclusion vulnerability in Brudaswen’s admin/index.php for BrudaNews 1.1 and earlier and BrudaGB 1.1 and earlier. The flaw allows a remote attacker to execute arbitrary PHP code by supplying a URL in the o parameter, enabling unauthenticated, network‑...

7.5 CVSS · 7.9 AI score · 0.15911 EPSS
Exploits 1 · References 8 · Affected Software 1
Cvelist
added 2006/09/27 11:0 p.m. · 18 views

CVE-2006-5021

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the rootpath parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this...

7.5 AI score · 0.01604 EPSS
Exploits 1 · References 1
Positive Technologies
added 2006/09/27 12:0 a.m. · 4 views

PT-2006-5762 · Redgun · Redblog

Name of the Vulnerable Software and Affected Versions: redgun RedBLoG version 0.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the root parameter in "imgen.php", and the root path parameter in "admin/config.php",...

9.8 CVSS · 7.7 AI score · 0.01604 EPSS
Exploits 1 · References 7