1593 matches found
CVE-2009-4980
Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where parameter to search.php and (2) qc parameter to admin.php...
CVE-2010-2615
Grafik CMS 1.1.2 (admin/admin.php) contains Cross-Site Scripting (XSS) flaws that allow injection of arbitrary HTML/JS via the page_menu (settings) and description (edit_page) parameters. The vulnerability arises from input sanitization errors in /admin/admin.php. Exploitation requires the attack...
CVE-2010-2614
SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action...
CVE-2010-2614
Grafik CMS 1.1.2 (admin/admin.php) is affected by an SQL injection via the id parameter in the edit_page action. All connected sources consistently describe this vulnerability and its impact as arbitrary SQL execution by remote attackers; details on vulnerable versions beyond 1.1.2 are not explic...
Grafik CMS - admin.php SQL Injection Cross-Site Scripting
source: https://www.securityfocus.com/bid/41227/info Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
OneCMS 2.6.1 - 'cat' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...
ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/40431/info ImpressPages CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...
REvolution 10.02 - Cross-Site Request Forgery
Vulnerability ID: HTB22367 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinnpdsrevolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 06 May 2010 Vulnerability Type: CSRF (Cross-Site Request Forgery) Status:...
ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39901/info ecoCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
CVE-2009-4827
The CVE-2009-4827 issue affects Mail Manager Pro, specifically the admin.php component. A cross-site request forgery (CSRF) vulnerability exists that allows remote attackers to hijack administrator sessions and perform password-change actions via a crafted request. The underlying impact is that a...
ZykeCMS 1.1 SQL Injection
ZykeCMS V1.1 Auth Bypass SQL Injection Vulnerability. Author: Giuseppe 'giudinvx' D'Inverno Email: Date: 04-16-2010 Site: http://www.giudinvx.altervista.org/ Location: Naples, Italy...
Zyke CMS 1.1 - Authentication Bypass
ZykeCMS V1.1 Auth Bypass SQL Injection Vulnerability. Author: Giuseppe 'giudinvx' D'Inverno Email: Date: 04-16-2010 Site: http://www.giudinvx.altervista.org/ Location: Naples, Italy...
CVE-2009-4674
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field...
Code injection
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field...
CVE-2009-4674
The CVE-2009-4674 entry affects Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script. The flaw in admin/admin.php allows remote attackers to change an arbitrary password by modifying a user_id field, indicating an authentication/configuration weakness in the user management func...
phpBazar 'classified.php' SQL Injection Vulnerability
The host is running phpBazar and is prone to an SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbphpbazarsqlinjvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ phpBazar 'classified.php' SQL Injection Vulnerability Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Phpwind7.5 Admin Backend Local File Inclusion Vulnerability
File: hack\rate\admin.php Source: <?php !function_exists('readover') && exit('Forbidden'); define("HR", RP . "hack/rate/"); define("LR", RP . "lib/"); InitGP(array('ajax')); $action = strtolower($job ? $job : "admin"); $filepath = HR . "action/" . $action . "Action.php"; !file_exists($filepath) && exit; if $jo...
Simple PHP Guestbook 1.0 Administrative Access
Vendor: http://www.simplephpguestbook.com/ Version: 1.0 Tested on: Windows and Linux -------------------------------------- Simple PHP Guestbook Remote Admin Access Exploit Created by Sora + contact: vhr95zw at hotmail.com Description: Simple PHP Guestbook suffers a remote access in the guestboo...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...