CVE-2008-2298

CVE-2008-2298 affects Web Slider 0.6. The vulnerability arises in Admin.php where a remote attacker can bypass authentication and gain elevated privileges by setting the admin cookie to 1. The issue is a cookie-based auth bypass, enabling unauthorized access to privileged functionality. The provi...

CVE-2008-2297

The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "", which is present in the password file and probably passes an insufficient comparison...

CVE-2008-2282

admin.php in Internet Photoshow and Internet Photoshow Special Edition SE allows remote attackers to bypass authentication by setting the loginadmin cookie to true...

GNU/Gallery <= 1.1.1.0 (admin.php) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ===================================================================== GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dork. 0day.today 2018-04...

GNUGallery 1.1.1.0 - admin.php Local File Inclusion

GNUGallery 1.1.1.0 - admin.php Local File Inclusion --==+================================================================================+==-- --==+ GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dor...

GNU/Gallery 1.1.1.0 - &#039;admin.php&#039; Local File Inclusion

--==+================================================================================+==-- --==+ GNU/Gallery Vulnerability: http://site.com/admin.php?show=../../../../../../../etc/passwd NOTE/TIP: fair amount of sites running, althou no good dork. GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !...

internetphotoshow-cookie.txt

--==+================================================================================+==-- --==+ Internet Photoshow Special Edition Insecure Cookie Handling +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 M...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178...

CVE-2008-2196

The CVE-2008-2196 entry concerns a Cross-Site Scripting (XSS) flaw in LifeType; specifically admin.php handles addBlogUser via the newBlogUserName parameter (LifeType 1.2.8). The vulnerability allows remote attackers to inject arbitrary script/HTML, a vector distinct from CVE-2008-2178. Public re...

CVE-2008-2196

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178...

Internet PhotoShow (Special Edition) - Insecure Cookie Handling

--==+================================================================================+==-- --==+ Internet Photoshow Special Edition Insecure Cookie Handling +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 M...

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation aka an admin category search...

CVE-2008-2178

Technical details for CVE-2008-2178 are not publicly available in the provided documents; monitor for updates.

Sql injection

SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php...

Directory traversal

Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the style parameter...

CVE-2008-2076

Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the style parameter...

phpDirectorySource 1.1 - Multiple SQL Injections

phpDirectorySource 1.1 - Multiple SQL Injections |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ Kings of injection | | // | | |...

aal-lfi.txt

ActualAnalyzer Lite free 2.78 LOCAL FILE INCLUSION AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr Scrip...

CVE-2008-1860

Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...

CVE-2008-1860

LokiCMS versions 0.3.3 and earlier are affected by a static code injection vulnerability in admin.php, allowing remote attackers to inject arbitrary PHP into includes/Config.php via the default parameter. The issue arises from the underlying code path described in CVE-2008-1860 and is rated with ...