1593 matches found
Remote File Include In SLAED_CMS_2
By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...
CVE-2006-7173
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted optionnewreportwday parameter in a preferenze action, which can be later accessed via option/php-stats-options.php...
Lazarus Guestbook (admin.php) Remote File Include Exploit
Lazarus Guestbook admin.php Remote File Include Exploit D.Script: http://www.carbonize.co.uk Dork: "Powered by Lazarus Guestbook from carbonize.co.uk" Discovered by Crackman Homepage: http://www.b0rizq.biz Greetz To :B0rizq & redcasper & Draknaz kaiba & brokenproxy and all friend Exploit:...
CVE-2006-7101
The CVE-2006-7101 entry concerns PHPWind versions 5.0.1 and earlier where the admin.php component is vulnerable to SQL injection via the AdminUser cookie. The root cause is improper handling of the cookie leading to arbitrary SQL execution by remote attackers, with a high impact (base score 7.5)....
CVE-2006-7074
CVE-2006-7074 affects SmartSiteCMS 1.0. The vulnerability is in admin.php, allowing remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. The connected documents confirm the flaw but do not provide exploitation steps, a broader impact beyond a...
CVE-2006-7014
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request...
CVE-2006-7014
CVE-2006-7014 affects BloggIT 1.01 and earlier. The issue is that admin.php does not properly establish a user session, enabling remote attackers to gain privileges via a direct request. The available connected documents confirm the affected software and the root cause (improper session establish...
CVE-2007-0835
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE:...
CVE-2007-0567
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter...
CVE-2007-0567
The CVE-2007-0567 issue is an XSS vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5, exploitable via the _p parameter in admin.php. The root cause is unsanitized input leading to injection of arbitrary script/HTML. CVSS v2 base score is 6.8 (MEDIUM) with partial impacts on confi...
CVE-2007-0192
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contentsnew operation in the adcontents section...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...
CVE-2006-6920
Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php...
CVE-2006-6920
CVE-2006-6920 describes a cross-site scripting (XSS) vulnerability in Nucleus CMS prior to version 3.24. The issue allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving lib/ADMIN.php and lib/SKIN.php. JVN details indicate that an arbitrary script c...
CVE-2007-0192
The CVE-2007-0192 CSRF vulnerability affects MKPortal’s admin.php in the save_main operation (ad_perms) where an attacker can induce privilege changes. The issue is exposed via a crafted getURL in a .swf loaded in an IFRAME, enabling remote modification of privilege settings (All Guests are Admin...