Cross-site scripting
Cross-site scripting (XSS) vulnerability in admin.php, aka the login page, in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2009-2342
Cross-site scripting (XSS) vulnerability in admin.php, aka the login page, in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2009-2342
CVE-2009-2342 is an XSS in Content Management Made Easy (CMME) prior to 1.22, affecting admin.php (the login page). The vulnerability allows remote attackers to inject arbitrary scripts via the username field in the login form. Documents consistently describe the flaw as a cross-site scripting is...
phpMyBlockchecker 1.0.0055 - Insecure Cookie Handling
phpMyBlockchecker 1.0.0055 - Insecure Cookie Handling + phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download Script :...
phpMyBlockchecker 1.0.0055 Insecure Cookie
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download Script : http://sourceforge.net/project/showfiles.php?groupid=116966&packageid=152150&releaseid=326884 + Insecure Cookie Handling - Vulnerable code...
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ================================================================= phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability ================================================================= + phpMyBlockchecker 1.0.0055 Insecure...
CVE-2009-2234
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW)...
SQL injection
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW)...
CVE-2009-2234
CVE-2009-2234 affects VICIdial Call Center Suite (example: 2.0.5-173) with multiple SQL injection vulnerabilities in admin.php. The root cause is unsafe handling of user-supplied input in the PHP_AUTH_USER and PHP_AUTH_PW parameters, allowing remote attackers to execute arbitrary SQL commands. Do...
CVE-2009-2116
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter...
Design/Logic Flaw
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters...
CVE-2009-2115
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
CVE-2009-2120
CVE-2009-2120 affects TekBase All-in-One 3.1, with multiple SQL injection vulnerabilities that let remote authenticated users execute arbitrary SQL commands. Affected vectors include the (1) ids parameter to admin.php and the (2) y parameter to members.php, among others. At least one vector is no...
CVE-2009-2115
Affected software: SkyBlueCanvas 1.1 r237. Vulnerability: admin.php exposes an information disclosure vulnerability where a remote authenticated administrator can trigger an error message via an invalid id parameter that reveals the installation path. Root cause: improper handling of the id pa...
CVE-2009-2114
SkyBlueCanvas 1.1 r237 contains multiple cross-site scripting (XSS) vulnerabilities in admin.php. The issue allows remote attackers to inject arbitrary web script or HTML via the parameters mgroup, mgr, objtype, id, and dir. The CVE entry confirms XSS but does not provide exploit details, affecte...
CVE-2009-2114
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters...
CVE-2009-2080
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action...