CVE-2003-1315

Technical details beyond the basic description are not provided in the connected documents. The CVE records describe an SQL injection in auth.php for Land Down Under (LDU) v601 and earlier; monitor for updates for further specifics (affected versions, fix, impact).

EternalMart Guestbook 1.1.0 [emgb_admin_path] Remote File Include

EternalMart Guestbook 1.1.0 emgbadminpath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +admin/auth.php? +code : + + include"$emgbadminpath/authfunc.php"; + + download link : http://www.vanta.ru/script/info.php?id=230&clas=0 + Exploit : ++ +...

EternalMart Guestbook 1.10 (admin/auth.php) Remote Inclusion Vuln

No description provided by source. EternalMart Guestbook 1.1.0 emgbadminpath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +admin/auth.php? +code : + + include"$emgbadminpath/authfunc.php"; + + download link :...

EternalMart Guestbook 1.10 - adminauth.php Remote File Inclusion

EternalMart Guestbook 1.10 - adminauth.php Remote File Inclusion EternalMart Guestbook 1.1.0 emgbadminpath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +admin/auth.php? +code : + + include"$emgbadminpath/authfunc.php"; + + download link :...

EternalMart Guestbook 1.10 - '/admin/auth.php' Remote File Inclusion

EternalMart Guestbook 1.1.0 emgbadminpath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +admin/auth.php? +code : + + include"$emgbadminpath/authfunc.php"; + + download link : http://www.vanta.ru/script/info.php?id=230&clas=0 + Exploit : ++ +...

PafileDB Login SQL injection =)

PafileDB Login SQL injection = author : koray & [email protected] Risk : High Class : Remote Vulnerable Script : pafileDB Version : 3.5.2 / 3.5.3 google : powered by pafiledb 3.5.3/2 greetz : www.cigicigi.net & redhackers Vulnerable; include/admin/auth.php c0de ; if isset$COOKIE'pafiledbuser' &&...

PNewsv1.1.0.txt

PNews v1.1.0 nbs Remote File Inclusion Affected Software..:PNews v1.1.0 download...:http://sourceforge.net/project/showfiles.php?groupid=35550 Class .............: Remote File Inclusion Risk ..............: high Found by ..........: CvIr.System Contact ...........: CvIr.Systematgmail.com Affected...

pNews <= 1.1.0 (nbs) Remote File Include Vulnerability

No description provided by source. PowerNews v1.1.0 nbs Remote File Inclusion Affected Software .: PowerNews v1.1.0 Download..: http://sourceforge.net/project/showfiles.php?groupid=35550 Class .............: Remote File Inclusion Risk ..............: high Found by ..........: CvIr.System Contact...

pNews <= 1.1.0 (nbs) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ====================================================== pNews = 1.1.0 nbs Remote File Include Vulnerability ====================================================== PowerNews v1.1.0 nbs Remote File Inclusion Affected Software .: PowerNews...

CVE-2006-2283

Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter in 1 auth.php and 2 authphpbb when the phpBB portal is enabled, and via a URL in the smfrootpath parameter in 3...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter in 1 auth.php and 2 authphpbb when the phpBB portal is enabled, and via a URL in the smfrootpath parameter in 3...

CVE-2006-2283

Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter in 1 auth.php and 2 authphpbb when the phpBB portal is enabled, and via a URL in the smfrootpath parameter in 3...

CVE-2006-1289

Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 username, 2 password, 3 team, 4 level, 5 status, 6 teamname, and 7 teamlead parameters in a auth.php; the 8 username, 9 action, and 10 filter...

Sql injection

Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 username, 2 password, 3 team, 4 level, 5 status, 6 teamname, and 7 teamlead parameters in a auth.php; the 8 username, 9 action, and 10 filter...

CVE-2006-0079

CVE-2006-0079 describes an SQL injection vulnerability in ScozNet ScozBook BETA 1.1, specifically in auth.php via the adminname (username) field. The underlying issue is unsanitized input allowing a remote attacker to inject arbitrary SQL commands. Documents corroborate exploitation potential and...

Sql injection

SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field adminname variable...

CVE-2005-2723

CVE-2005-2723 refers to a SQL injection in PaFileDB 3.1’s auth.php when authmethod is configured to cookies, exploitable via the pafiledbcookie cookie username value. Multiple sources confirm the issue and indicate the remote attacker could potentially manipulate SQL commands, with at least one N...

PaFileDB31SQL.txt

SePro Advisory 5 PaFileDB 3.1 - SQL-Injection =========================================================== Vendor: PhpArena URL: http://www.phparena.net/ Date: 17.08.05 App.: PaFileDB Version: 3.1 Type: SQL-Injection Risc: High Credits: ================================ Newangels &...

PHPNews SQL injection vulnerability

Product: PHPNews Version: 1.2.5 Release, bugfix 1.2.6 and previous URL: http://newsphp.sourceforge.net/ VULNERABILITY CLASS: SQL injection PRODUCT DESCRIPTION PHPNews is a popular script for news posting written in PHP MySQL based. VULNERABILITY Vulnerable script: auth.php code else...

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables 1 $lstatsblock in prefs.php or 2 $lprivnotify in auth.php from being properly initialized, which can be modified by the user and later...