CVE-2008-6406
CVE-2008-6406 is an XSS vulnerability reported in DataLife Engine (DLE) 7.2, located in admin.php and exploitable via the query string. The affected component is the admin interface; the underlying issue is improper handling of user-supplied input in the query parameters, allowing an attacker to ...
Design/Logic Flaw
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php...
CVE-2009-0807
CVE-2009-0807 affects zFeeder 1.6. The vulnerability is an admin authentication bypass allowing remote attackers to gain administrative access by accessing the admin.php page directly. Connected Nessus data notes the default installation of zFeeder uses empty values for the admin username and pas...
CVE-2008-6360
Cross-site scripting (XSS) vulnerability in the userranks feature in modules/system/admin.php in ImpressCMS 1.0.2 final allows remote attackers to inject arbitrary web script or HTML via the ranktitle parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-6302
TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to SiteAdmin/admin.php...
Directory traversal
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter...
CVE-2009-0722
Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter...
SQL injection
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2008-6264
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2008-6264
CVE-2008-6264: Affected product is E-topbiz Slide Popups 1.0; vulnerability in the admin.php script (password parameter) enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Root cause appears to be insufficient input validation/sanitization in the affected code pa...
zFeeder 1.6 - 'admin.php' Admin Bypass
Remote bypass admin panel. Script: zFeeder 1.6. Download...
zFeeder 1.6 - admin.php Admin Bypass
zFeeder 1.6 - admin.php Admin Bypass. Remote bypass admin panel. Script: zFeeder 1.6. Download...
zFeeder 1.6 (admin.php) No Authentication Vulnerability
No description provided by source. Remote bypass admin panel. Script: zFeeder 1.6. Download...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net mcGallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, and (7) show.php. NOTE: the provenance of this...
CVE-2008-6212
Php-Stats 0.1.9.1 is affected by a cross-site scripting (XSS) vulnerability in admin.php, exploitable via the sel_mese and sel_anno parameters in a systems action. The issue could allow a remote attacker to inject arbitrary web script or HTML when the affected page is loaded. No remediation detai...
CVE-2009-0571
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory...
CVE-2009-0571
The CVE-2009-0571 entry affects Ninja Designs Mailist 3.0. The admin.php component stores backup copies of maillist.php under the web root with insufficient access control, allowing remote attackers to obtain sensitive information via a direct request to the backup directory. The provided documen...
Graugon Gallery 1.0 (XSS/SQL/Cookie Bypass) Remote Vulnerabilities
No description provided by source. 0x01 Information: Name: Graugon Gallery 1.0; Download: http://www.hotscripts.com/jump.php?listingid=87617&jumptype=1; Vulnerability: SQL Injection / Insecure Cookie Handling / XSS; Author: x0r; Contact: [email protected]; Notes: Proud to be Italian. 0x02 Bug:...