
1593 matches found

exploitpack
added 2006/10/17 12:0 a.m. | 17 views

Easynews 4.4.1 - admin.php Authentication Bypass

Easynews 4.4.1 - admin.php Authentication Bypass. Easynews. Details: Easynews doesn't properly check to...

AI score 0.4
Exploits 0

0day.today
added 2006/10/17 12:0 a.m. | 417 views

Easynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability

Exploit for unknown platform in category web applications. Easynews <= 4.4.1 admin.php Authentication Bypass Vulnerability...

AI score 7.1
Exploits 0

0day.today
added 2006/10/13 12:0 a.m. | 22 views

YaBBSM 3.0.0 (Offline.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications. YaBBSM 3.0.0 Offline.php Remote File Include Vulnerability. DESCRIPTION: Remote file include vuln found by sZ oct 09,...

AI score 7.1
Exploits 0

NVD
added 2006/10/10 9:7 p.m. | 12 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable...

CVSS 6.8 | AI score 5.7 | EPSS 0.02484
Exploits 1 | References 7

UbuntuCve
added 2006/10/10 9:7 p.m. | 20 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable...

CVSS 6.8 | AI score 6.1 | EPSS 0.02484
Exploits 1 | References 1

Cvelist
added 2006/10/10 9:0 p.m. | 16 views

CVE-2006-5227

Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable...

AI score 5.6 | EPSS 0.02484
Exploits 1 | References 7

CVE
added 2006/10/10 9:0 p.m. | 44 views

CVE-2006-5227

CVE-2006-5227 describes a cross-site scripting (XSS) vulnerability in TorrentFlux 2.1, specifically in admin.php, where an attacker can inject arbitrary script or HTML via the $user_agent value (likely from the User-Agent header) and possibly the $ip_resolved variable. The connected sources reaff...

CVSS 6.8 | AI score 5.7 | EPSS 0.02484
Exploits 1 | References 7 | Affected Software 1

NVD
added 2006/09/23 10:7 a.m. | 9 views

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

CVSS 7.5 | AI score 8.3 | EPSS 0.0103
Exploits 1 | References 5

Cvelist
added 2006/09/23 10:0 a.m. | 13 views

CVE-2006-4957

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php...

AI score 8.3 | EPSS 0.0103
Exploits 1 | References 5

CVE
added 2006/09/23 10:0 a.m. | 44 views

CVE-2006-4957

CVE-2006-4957 corresponds to a SQL injection in MyReview 1.9.4. The GetMember function in functions.php fails to sanitize the email parameter used by Admin.php, enabling remote attackers to execute arbitrary SQL. Exploitation details are supported by multiple sources (NVD/Nessus references). The ...

CVSS 7.5 | AI score 8.4 | EPSS 0.0103
Exploits 1 | References 5 | Affected Software 1

NVD
added 2006/09/15 10:7 p.m. | 12 views

CVE-2006-4827

Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php...

CVSS 5.1 | AI score 7.7 | EPSS 0.04026
Exploits 1 | References 5

NVD
added 2006/09/14 9:7 p.m. | 10 views

CVE-2006-4794

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...

CVSS 4.3 | AI score 5.6 | EPSS 0.011
Exploits 1 | References 11

NVD
added 2006/08/24 1:4 a.m. | 13 views

CVE-2006-4328

SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...

CVSS 5.1 | AI score 8.3 | EPSS 0.00963
Exploits 2 | References 6

CVE
added 2006/08/24 1:0 a.m. | 38 views

CVE-2006-4328

CloudNine Interactive Links Manager 2006-06-12 is affected by an SQL injection in admin.php via the nick parameter when magic_quotes_gpc is off. The vulnerability allows remote attackers to execute arbitrary SQL commands, as documented in multiple sources (eVuln/SECURITYVULNS entries). The issue ...

CVSS 5.1 | AI score 8.3 | EPSS 0.00963
Exploits 2 | References 6 | Affected Software 1

Cvelist
added 2006/08/24 1:0 a.m. | 14 views

CVE-2006-4328

SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...

AI score 8.3 | EPSS 0.00963
Exploits 2 | References 6

securityvulns
added 2006/08/09 12:0 a.m. | 28 views

[Full-disclosure] SmartSiteCMS v1.0 authentication bypass

SmartSiteCMS v1.0 authentication bypass. STATUS: I contacted the vendor more than 2 months ago and still no response. TECHNICAL INFO: One of the worst cms I've ever seen regarding security, no input sanitation at all. Bypassing...

AI score 0.8
Exploits 0

NVD
added 2006/08/01 10:4 p.m. | 6 views

CVE-2006-3963

Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) sitename parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php...

CVSS 7.5 | AI score 8.6 | EPSS 0.0036
Exploits 1 | References 2

Packet Storm
added 2006/07/26 12:0 a.m. | 30 views

mospray.txt

Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : MoSpray Site :...

AI score 7.4
Exploits 0

securityvulns
added 2006/07/25 12:0 a.m. | 240 views

SQL-Injection in Shop-Script PRO & Shop-Script Premium all version

Advisory: SQL-Injection in Shop-Script PRO & Shop-Script Premium all version. Home Page: http://shop-script.ru Vulnerability: SQL injection in the administration area. Vulnerable script: admin.php...

AI score 7.1
Exploits 0

NVD
added 2006/06/30 11:5 p.m. | 7 views

CVE-2006-3323

PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or...

CVSS 7.5 | AI score 7.3 | EPSS 0.12463
Exploits 1 | References 11