1593 matches found
CVE-2008-0266
The CVE-2008-0266 entry describes a CSRF vulnerability in the eTicket 1.5.5.2 product, specifically in the file admin.php, which allows remote attackers to change the administrative password and potentially perform other administrative tasks. The note states that either the attacker must know the...
CVE-2008-0266
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection...
CVE-2008-0267
CVE-2008-0267 describes multiple SQL injection vulnerabilities in eTicket 1.5.5.2. The flaws allow remote authenticated users to inject arbitrary SQL via search.php parameters (status, sort, way) and remote authenticated administrators to inject via admin.php parameters (msg, password). The root ...
CVE-2008-0246
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action...
CVE-2008-0245
CVE-2008-0245 affects admin.php in UploadImage 1.0, where the original password is not validated before updating to a new password. This allows remote attackers to gain administrator privileges by supplying a pass parameter in a nopass (Set Password) action. The connected documents confirm the vu...
CVE-2008-0245
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action...
Directory traversal
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...
eTicket 1.5.5.2 - admin.php Cross-Site Request Forgery
eTicket 1.5.5.2 - admin.php Cross-Site Request Forgery source: https://www.securityfocus.com/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection...
CVE-2007-6658
CVE-2007-6658 concerns a SQL injection in the CustomCMS (CCMS) 3.1 Demo, specifically in the files/admin.php/vars.php. The underlying issue is an injection vulnerability exploitable via the p parameter on the Console page, enabling remote attackers to execute arbitrary SQL commands. The available...
New Local file include, Directory traversal and Full path disclosure in WordPress
Hello 3APA3A! I am reporting to you new Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the files edit.php and admin.php, in the page parameter. Full path disclosure: http://site/wp-admin/edit.php?page= http://site/wp-admin/admin.php?page= These...
Local file include, Directory traversal and Full path disclosure in WordPress
Hello 3APA3A! I am reporting to you Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the file admin.php (import parameter) and themes.php (page parameter). Full path disclosure: http://site/wp-admin/admin.php?import=....wp-config...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the comoption parameter...
CVE-2007-6564
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the comoption parameter...
CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php...
CVE-2007-6414
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a...
CVE-2007-6414
The CVE-2007-6414 issue affects Adult Script (admin/administrator.php) versions 1.6 and earlier, where redirecting to the browser without an exit allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. The flaw can further be leveraged to execu...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
Sql injection
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...