VRNews 1.1.1 - 'admin.php' Remote Security Bypass

VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3. /VRNews/admin.php?act=config 4. /VRNews/admin.php?act=del...

Sql injection

SQL injection vulnerability in admin.php in MyNews 0.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie...

CVE-2007-2520

SQL injection vulnerability in admin.php in MyNews 0.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie...

CVE-2007-2520

CVE-2007-2520 affects MyNews 0.10. SQL injection in admin.php via the authacc cookie when PHP magic_quotes_gpc is disabled. The vulnerability allows remote execution of arbitrary SQL commands and could lead to data exposure or modification; impact is described as partial confidentiality/integrity...

MyNews version 0.10 SQL Injection Vulnerability

netVigilance Security Advisory 25 MyNews version 0.10 SQL Injection Vulnerability Description: MyNews is very easy to include into any website news publishing, just as simple as using the include tag and calling the function to display the news. BBCode has been added to this feature, so now you d...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the siteurl parameter...

CVE-2007-2937

TROforum 0.1 must vulnerable through admin/admin.php’s site_url parameter, enabling a remote file inclusion that allows arbitrary PHP code execution. Root cause: improper handling of external URLs in site_url. Severity: CVSS v2 base score 7.5 (HIGH). No remediation details are provided in the ava...

troforum01-rfi.txt

TROforum 0.1...

TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability

No description provided by source. TROforum 0.1 = Remote File Inclusion Vulnerability Dork:http://www.google.com.tr/search?hl=tr&q=%22TROforum+0.1%22&meta= Vuln Code ERROR1:admin/admin.php include "$siteurl/trofimov.php"; include "$siteurl/narod.php"; RFI...

TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ===================================================================== TROforum 0.1 admin.php siteurl Remote File Inclusion Vulnerability ===================================================================== TROforum 0.1 = Remote File...

TROforum 0.1 - admin.php?site_url Remote File Inclusion

TROforum 0.1 - admin.php?siteurl Remote File Inclusion TROforum 0.1 = Remote File Inclusion Vulnerability Dork:http://www.google.com.tr/search?hl=tr&q=%22TROforum+0.1%22&meta= Vuln Code ERROR1:admin/admin.php include "$siteurl/trofimov.php"; include "$siteurl/narod.php"; RFI BUG1...

CVE-2007-2626

SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries...

CVE-2007-2626

CVE-2007-2626: SQL injection reported in the admin.php file of SchoolBoard, potentially via (1) username and (2) password parameters. The CVE description notes that the issue is disputed because the username parameter may not exist and the password is not used in any queries. Connected documents ...

PT-2007-3945 · Unknown · Schoolboard

Name of the Vulnerable Software and Affected Versions: SchoolBoard affected versions not specified Description: The issue concerns a SQL injection vulnerability in the admin.php file of SchoolBoard. This vulnerability potentially allows remote attackers to execute arbitrary SQL commands. However,...

Sql injection

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the 1 ADMINUSER USER and 2 ADMINPASS PASS parameters during a login. NOTE: CVE disputes this vulnerability, since ADMINUSER/ADMINPASS are initialized before use...

CVE-2007-2534

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the 1 ADMINUSER USER and 2 ADMINPASS PASS parameters during a login. NOTE: CVE disputes this vulnerability, since ADMINUSER/ADMINPASS are initialized before use...

CVE-2007-2534

CVE-2007-2534 pertains to phpHoo3, where multiple SQL injection vulnerabilities are described in admin.php, exploitable via login parameters (ADMIN_USER/USER and ADMIN_PASS/PASS). The root cause is ambiguous in some sources, but the connected documents consistently cite SQL injection in the login...

CVE-2007-2534

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the 1 ADMINUSER USER and 2 ADMINPASS PASS parameters during a login. NOTE: CVE disputes this vulnerability, since ADMINUSER/ADMINPASS are initialized before use...

CVE-2007-2534

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the 1 ADMINUSER USER and 2 ADMINPASS PASS parameters during a login. NOTE: CVE disputes this vulnerability, since ADMINUSER/ADMINPASS are initialized before use...

phphoo3-sql.txt

phpHoo3 Login SQL injection // AYYILDIZ.ORG Gururla Sunar... download:http://cable-modems.org/phpHoo/files/phphoo3.zip author : iLker Kandemir mynet.com Risk : High Class : Remote Vuln. Script : phpHoo3 tnx : h0tturk,ekin0x,Gencnesil,Gencturk,koray,Ajann .. Vulnerable; ///admin.php code ;...