Design/Logic Flaw
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter...
CVE-2006-0215
CVE-2006-0215 corresponds to an XSS vulnerability in QualityEBiz Quality PPC (QPPC) 1.0 build 1644, specifically in admin.php where the cpage parameter can be exploited to inject arbitrary script/HTML. The description notes this issue may be a result of CVE-2006-0216, indicating potential overlap...
CVE-2006-0215
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216...
CVE-2005-2466
Multiple SQL injection vulnerabilities in the authuser function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...
CVE-2005-4572
Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2005-3550
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter...
CVE-2005-3547
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other...
CVE-2005-3550
CVE-2005-3550 affects toendaCMS prior to 0.6.2, where the admin.php engine allows directory traversal via the id_user parameter, enabling remote access to arbitrary files. Connected sources also document additional vulnerabilities in toendaCMS
CVE-2005-3547
CVE-2005-3547 affects Invision Power Board 2.1. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via multiple input fields (e.g., adsess, name, description in admin.php, ACP Notes, Member Name, Password, Email Address, Comp...
CVE-2005-3588
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field...
[SA17471] toendaCMS Disclosure of Sensitive Information
TITLE: toendaCMS Disclosure of Sensitive Information SECUNIA ADVISORY ID: SA17471 VERIFY ADVISORY: http://secunia.com/advisories/17471/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: toendaCMS 0.x http://secunia.com/product/6059/ DESCRIPTION:...
Invision Power Board (IP.Board) 2.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15344/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
PHP-Nuke <= 5.2 Arbitrary File Upload Vulnerability
PHP-Nuke is prone to an arbitrary file upload vulnerability in admin.php. SPDX-FileCopyrightText: 2001 SecurITeam Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later CPE =...
CVE-2005-3082
SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie...
CVE-2005-3082
SEO-Board 1.0.2 contains a SQL injection in admin.php exploitable via the user_pass_sha1 value in a cookie, allowing remote arbitrary SQL execution. The vulnerability details come from CVE-2005-3082/NVD; CVSS v2 base score 7.5 (HIGH) with network/low complexity, no authentication required, and pa...
SEO-Board < 1.03 admin.php user_pass_sha1 Cookie SQL Injection
Binary data 3242.prm...
CVE-2005-2699
CVE-2005-2699 concerns PHP-Kit 1.6.1 where an unrestricted file upload in admin/admin.php via images.php allows uploading a .php file to content/images/ and executing arbitrary PHP code. The vulnerability requires the attacker to be a remote authenticated administrator, implying privilege within ...