6697 matches found
CVE-2004-2653
The CVE describes an unspecified privilege-escalation vulnerability in PD9 Software MegaBBS 2.0 and 2.1. Affected component: MegaBBS web admin interfaces under admin/userlevelmembers-edit.asp and admin/edit-groups.asp. Root cause and exact exploit details are not provided in the documents, only t...
CVE-2004-2653
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp...
Dev Web Management System 1.5 - 'cat' SQL Injection
this works regardless of magic_quotes_gpc setting usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Prohibit the taking of omens, and do away with superstitious doubts. Then, until death itself comes, no calamity need be feared." error_reporting(0); ini_set("max_execution_time",0);...
CVE-2005-4396
The CVE-2005-4396 entry describes an XSS vulnerability in iCMS, specifically in the admin/Default.asp page, where an attacker can cause the browser to execute injected script or HTML by supplying the LoginMSG parameter. The vulnerability is confirmed in multiple sources (e.g., NVD) with a CVSS v2...
DRZESHMS.txt
Description: http://www.drzes.com/ An all-in-one web hosting management system. A feature-rich, robust, easy-to-use control panel and billing system. A "self-branding" web hosting management system. No DRZES branding. Both the admin and customer can control multiple plans/servers from one...
CVE-2005-4207
CVE-2005-4207 concerns a SQL injection vulnerability in the BTGrup Admin WebController Script, where remote attackers can manipulate the application via the Username and Password fields. The issue is described in the NVD entry with a base score of 7.5 (HIGH) and an attack vector of NETWORK with n...
Alisveristr E-Commerce Admin Login SQL Injection
Hi all B3g0kathackermail.com Kurdish Hacker Special Thanx All Kurdish Hackers Freedom For Ocalan!!! ----------------------------------- Alisveristr E-commerce User Login Sql Injection Alisveristr E-commerce Admin Login Sql Injection ----------------------------------- Site: http://www.alisveristr.c...
affiliateNetwork.txt
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS ======================================================================== Software: Affiliate Network Pro v7.2 Severity: SQL Injections, Arbitrary code execution, XSS Risk: High Author: Robin Verton Date: Nov. 15 2005 Vendor:...
CVE-2005-3547
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other...
CVE-2005-3552
Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title eleme...
CVE-2003-1258
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid...
CVE-2005-3557
Technical details about CVE-2005-3557 are not publicly provided in the connected documents. No affected versions, root cause, exploit info, or remediation are specified here. Monitor for updates.
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...
fipsCMS.txt
fipsCMS lights is a freeware product of fipsasp.com. If you log on as admin, you can generate new pages in the CMS system. If you inject the "headline" field with scriptingcode like alertcode executed, this will automatically launch when a user visits that site. Please credit to: Preben Nyløkken...
FlexWATCH Authentication Bypassing
There is a vulnerability in the current version of FlexWATCH that allows an attacker to access administrative sections without being required to authenticate. An attacker may use this flaw to gain the list of user accounts on this system and the ability to reconfigure this service. This is done b...
BEA WebLogic Operator/Admin Password Disclosure Vulnerability
BEA WebLogic Server and WebLogic Express are prone to a vulnerability that may result in the disclosure of Operator or Admin passwords. SPDX-FileCopyrightText: 2004 Astharot Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
phpauction Admin Authentication Bypass
The remote host is running phpauction prior or equal to 2.0 or a modified version. There is a flaw when handling cookie-based authentication credentials which may allow an attacker to gain unauthorized administrative access to the auction system. SPDX-FileCopyrightText: 2005 Tobias Glemser...
CVE-2004-2495
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service...
CVE-2004-2495
The CVE-2004-2495 entry affects Ability Mail Server 1.18, specifically the Webmail, Admin, and SMTP services. The vulnerability allows remote attackers to trigger a denial-of-service via a large number of simultaneous connections, resulting in high CPU usage. The available documents confirm the i...
planetBackdoor.txt
Hello all, Today I discovered a pseudo backdoor thru a default password while trying to reset the password on a Planet Technology Corp FGSW2402RS switch. Although I don't consider this to be a real problem since the only access seems to be thru the serial port, I would like to share this with the...