1599 matches found
CVE-2009-4674
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field...
CVE-2009-4674
The CVE-2009-4674 entry affects Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script. The flaw in admin/admin.php allows remote attackers to change an arbitrary password by modifying a user_id field, indicating an authentication/configuration weakness in the user management func...
phpBazar 'classified.php' SQL Injection Vulnerability
The host is running phpBazar and is prone to an SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbphpbazarsqlinjvuln.nasl 5323 2017-02-17 08:49:23Z teissa $ phpBazar 'classified.php' SQL Injection Vulnerability Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Phpwind 7.5 Admin Panel Local File Inclusion Vulnerability
File: hack\rate\admin.php Source: ?php !functionexists'readover' && exit'Forbidden'; define "HR", RP . "hack/rate/" ; define "LR", RP . "lib/" ; InitGP array 'ajax' ; $action = strtolower $job ? $job : "admin" ; $filepath = HR . "action/" . $action . "Action.php"; ! fileexists $filepath && exit ; if $jo...
Simple PHP Guestbook 1.0 Administrative Access
Vendor: http://www.simplephpguestbook.com/ Version: 1.0 Tested on: Windows and Linux -------------------------------------- Simple PHP Guestbook Remote Admin Access Exploit Created by Sora + contact: vhr95zw at hotmail.com Description: Simple PHP Guestbook suffers a remote access in the guestboo...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4446
CVE-2009-4446 describes an XSS in phpInstantGallery 1.1 (admin.php) exploitable via PATH_INFO. Exploitation by remote attackers is possible without authentication; impacts include partial integrity breach and no confidentiality/availability effects per CVSS (Base 4.3, MEDIUM). Connected document...
CVE-2009-4446
Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
Directory traversal
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter...
CVE-2009-4205
Directory traversal vulnerability in admin.php in Flashlight Free Edition allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter...
CVE-2009-4205
Flashlight Free Edition (
CVE-2009-4121
CVE-2009-4121 refers to multiple CSRF vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4. The flaws allow remote attackers to hijack an administrator's authenticated session to perform actions such as (1) deleting web pages via a p-delete action to admin.php, and possibly (2) deleting produ...
WordPress 2.0 - 2.7.1 - admin.php Module Configuration Security Bypass
WordPress 2.0 - 2.7.1 - admin.php Module Configuration Security Bypass An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt...
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
No description provided by source. An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt...
Skybluecanvas 1.1 r237 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/44225/info SkyBlueCanvas is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
QuickCart 3.x xss xsrf Local File Inclusion Directory Traversal
No description provided by source. DISCOVERED: Paweł 'kl3ryk' Łaskarzewski GREETZ: hawk, pin3ska, black ant, qwert666, ua and gacmaan DIRECTORY TRAVERSAL http://victim.com/?p=ONE OF THE EXISTING FILES-EXISTING ACTION IN THIS FILE- Most of actions load templates from bad directory and then thr...
CVE-2008-7221
RunCMS 1.6.1 is affected by a CSRF vulnerability that lets remote attackers hijack administrator sessions by sending crafted requests to system/admin.php, enabling (1) addition of new administrators or (2) modification of user profiles. The vulnerability is triggered through authenticated admin a...
CVE-2008-7171
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal LNP 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to showphoto.php, (2) potd parameter to showpotd.php, or (3) the Current question field in a vote action to admin.php...
Fedora Core 11 FEDORA-2009-8529 (wordpress-mu)
The remote host is missing an update to wordpress-mu announced via advisory FEDORA-2009-8529. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) ...