1593 matches found
CVE-2004-2443
The CVE affects Jaws 0.3. An authentication bypass is possible via an HTTP request to admin.php where the cookie is set to the MD5 hash of a null password; this is compared against the logged session variable in application.php’s logged_on function. This yields a likely auth bypass with partial c...
CVE-2004-2443
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php...
Multiple Vulnerabilities in PHP Surveyor
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable. Summary: PHP Surveyor is vulnerable to many SQL injections, cross-site scriptings, and path disclosures. Details:...
CVE-2005-2332
CVE-2005-2332 describes a cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter to admin.php or login.php. The provided sources confirm the affected product/version and the vulnerable ...
CVE-2005-2203
CVE-2005-2203 affects phpWishlist prior to 0.1.15. The vulnerability allows remote attackers to bypass authentication by issuing a direct request to admin.php, enabling access without valid credentials. Root cause details are not provided in the documents beyond the bypass vector. Impact is descr...
CVE-2005-2203
login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php...
CVE-2004-2180
WowBB Forum 1.61 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow attackers to inject arbitrary script/HTML via numerous vectors: country (view_user.php), show (view_forum.php), letter (view_user.php), highlight (view_topic.php), show (inde...
CVE-2005-1998
CVE-2005-1998 is a directory traversal vulnerability affecting McGallery 1.1, where the lang parameter can be exploited with .. to read arbitrary files from the server. The commonly cited references (NVD, CVE List, CVE.org) confirm the issue and the affected product/version, but the materials do ...
CVE-2005-1803
CVE-2005-1803 affects Net Portal Dynamic System (NPDS) 5.0. The description lists multiple XSS vectors: via the language parameter to admin.php or powerpack_f.php; the sitename parameter to sdv_infos.php; the categories parameter to faq.php; the lettre parameter to the glossaire module; the title...
CVE-2005-1803
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5)...
CVE-2004-1842
PHP-Nuke 6.x through 7.1.0 is affected by a CSRF that lets an attacker gain administrative privileges via an image tag pointing to admin.php. The PT-2004-2741 entry confirms the issue and recommends upgrading to a version containing the fix; no specific fixed version is provided in the sources.
CVE-2004-1842
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php...
CVE-2005-1049
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750...
PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities
CVE-2004-1662
YaBB SE 1.5.1 is affected by an information disclosure vulnerability where an attacker can obtain sensitive information by directly requesting Admin.php. The vulnerability results in a PHP error message that reveals the full path, potentially aiding further intrusion. No exploitation details are ...
CVE-2004-0033
PHPGEDVIEW 2.61’s admin.php is vulnerable to information disclosure: an attacker can trigger a phpinfo command via an action parameter to reveal sensitive data. The affected component is admin.php (PHPGEDVIEW 2.61). Root cause is improper handling of the action parameter, enabling remote code/inf...
CVE-2004-1662
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message...
CVE-2004-0621
The CVE-2004-0621 entry affects Newsletter ZWS (admin.php) where a remote attacker can gain administrative privileges via a list_user operation with ulevel=1, which exposes all users and their passwords. According to NVD, the impact is complete confidentiality, integrity, and availability, with a...
CVE-2004-0358
CVE-2004-0358 is a cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3. The issue allows remote attackers to execute arbitrary script as another user by supplying crafted input through multiple parameters in admin.php (specifically the mainnews, expand, id, and catid ...