62 matches found
Authentication flaw
The checkpassword function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password...
ignycsm.com XSS vulnerability
Open Bug Bounty ID: OBB-459363

Description | Value
---|---
Affected Website: | ignycsm.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...
CVE-2015-4658
CVE-2015-4658 is described across multiple sources as a SQL injection vulnerability in the Milw0rm Clone Script 1.0. The affected component is the admin/login.php script, with input fields (1) usr and (2) pwd used to construct SQL queries, enabling remote attackers to execute arbitrary SQL comman...
CVE-2012-1665
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to...
Nukeviet 2.0 'admin/login.php' Cookie Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30681/info Nukeviet is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain...
PHPEasyData 1.5.4 - admin/login.php username Field SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to...
Koobi Pro 6.1 - Gallery (img_id)
No description provided by source. Koobi Pro v6.1 gallery imgid AUTHOR : BILGEKAGAN HOME : http://www.1923turk.biz DORK 1 : allinurl: index.php?p=gallerypic imgid EXPLOiT: index.php?p=gallerypic&imgid=-1+union+select+0,1,2,concatemail,0x3a,pass,4,5,6,7,8+from+kpro6user aDMN PANEL: admin/login.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable...
CVE-2012-5343
Limny 3.0.1 admin/login.php is vulnerable to Cross‑Site Scripting via PATH_INFO (PHP_SELF). OpenVAS confirms a Limny XSS issue; no explicit patch/fix details are provided in the supplied documents. A Limny 3.0.2.x release is referenced, but no confirmed remediation is stated here.
CVE-2012-5343
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable...
CVE-2012-4679
CVE-2012-4679: A cross-site scripting (XSS) vulnerability exists in Newscoop's admin/login.php prior to version 3.5.5, exploitable via the f_user_name parameter to inject arbitrary web script/HTML. The issue stems from insufficient input handling in that parameter, enabling remote attackers to ex...
Multiple vulnerabilities in osCmax
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks. 1) Multiple Cross-Site Scripting (XSS) in osCmax: CVE-2012-1664. 1.1 Input passed via the "username" POST parameter to...
Open redirect
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
CVE-2011-3835
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
Sql injection
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2010-4842
The vulnerability is a SQL injection in admin/login.php of the MHP DownloadScript (aka MH Products Download Center) version 2.2. The root cause is improper handling of the Name parameter, enabling remote attackers to craft inputs that cause arbitrary SQL execution. Impact per sources is uncontrol...
DGNews 2.1 SQL Injection
Remote SQL Injection Vulnerability name : DGNews v 2.1 Author : kalashnikov dork : inurl:news.php?go=fullnews&newsid admincp : admin/login.php // the user is "admin"===========MYSQL INJ======= http://localhost/pach/news.php?go=fullnews&newsid=1' =========================== Warning: mysqlnumrows:...
CVE-2009-2883
An SQL injection vulnerability in SaphpLesson 4.0 (admin/login.php) can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL via the cp_username parameter. The issue is related to an error in the CleanVar function in includes/functions.php. CVSS v2 ba...
Sql injection
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...