Atmail WebMail <= 5.6.1 (5.61) webadmin/admin.php Multiple Parameter XSS
The version of Atmail WebMail running on the remote host is vulnerable to multiple cross-site scripting issues. 'webadmin/admin.php' fails to sanitize input to the 'func' parameter, and to the 'type' parameter when 'func' is set to 'stats'. This is known to affect version 5.6.1 (5.61) and may affec...
CVE-2009-1456
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter...
Directory traversal
Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter...
SQL injection
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter...
CVE-2009-1404
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter...
CVE-2009-1404
CVE-2009-1404 affects PastelCMS 0.8.0 (admin.php). The vulnerability is a SQL injection in which, when magic_quotes_gpc is disabled, a remote attacker can execute arbitrary SQL commands via the user (Username) parameter. The description from NVD confirms the form of injection and affected component...
Malleo 1.2.3 Local File Inclusion
Salvatore "drosophila" Fresta + Application: Malleo + Version: 1.2.3 + Website: http://www.malleo-cms.com + Bugs: A Local File Inclusion + Exploitation: Remote + Date: 17 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
Malleo 1.2.3 Local File Inclusion Vulnerability
Salvatore "drosophila" Fresta + Application: Malleo + Version: 1.2.3 + Website: http://www.malleo-cms.com + Bugs: A Local File Inclusion + Exploitation: Remote + Date: 17 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
CVE-2008-6725
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php...
SQL injection
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php...
CVE-2008-6726
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415...
eLitius 1.0 (manage-admin.php) Add Admin/Change Password Exploit
No description provided by source. title Powered by eLitius Version 1.0 Change Password /title form action="http://esyndicat.org/admin/manage-admin.php" method="post" name="adminForm" table class="admintable" tbodytr td table class="adminform" cellpadding="0" cellspacing="0" tbody tr th...
eLitius 1.0 - manage-admin.php Arbitrary Add Admin/Change Password
eLitius 1.0 - manage-admin.php Arbitrary Add Admin/Change Password Powered by eLitius Version 1.0 Change Password Change Password Of admin Username: Password: Email: Dork: Powered by eLitius Version 1.0 Greetz To: Dos-Dz TeaM Snakes TeaM His0k4 td style="font-weigh...
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password
Powered by eLitius Version 1.0 Change Password Change Password Of admin Username: Password: Email: Dork: Powered by eLitius Version 1.0 Greetz To: Dos-Dz TeaM Snakes TeaM His0k4 Cod3d B...
X10media Mp3 Search Engine < 1.6.2 - Admin Access
THUNDER Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability Author : THUNDER File : admin/admin.php Vulnerable Code / User not an administrator, redirect to main page automatically. / if!$session-isAdmin header"Location: ../main.php"; else / Administrator is viewing page, so displ...
CVE-2008-6714
CVE-2008-6714 affects xeCMS 1.0.0 RC2 and earlier. The admin.php module allows remote attackers to bypass authentication and access the admin panel by setting the xecms_username cookie, effectively elevating access without valid credentials. Root cause: authentication bypass via manipulated cooki...
CVE-2008-6639
CVE-2008-6639 affects AjaXplorer 2.3.3 and 2.3.4. A CSRF flaw in admin.php allows remote attackers to hijack administrator sessions and issue password-change requests via the update_user_pwd action. The description does not provide exploit details or verification steps, and there is no remediatio...
CVE-2008-6585
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...
CVE-2008-6585
CVE-2008-6585 concerns a Cross-site request forgery (CSRF) vulnerability in TorrentFlux 2.3, specifically in html/admin.php, that allows remote attackers to hijack administrator authentication to add new accounts via the addUser action. The affected component is the web administration interface’s...
CVE-2008-6406
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string...