126 matches found
mpa-pro.fr XSS vulnerability
Vulnerable URL: http://www.mpa-pro.fr/auth.php?redirect=%2Fuser.php

Details:

Description | Value
---|---
Patched: | Yes, at 06.12.2015
Latest check for patch: | 06.12.2015 01:39 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 1107271
Google Pagerank | 1
VIP website...
ScozBook auth.php adminname Parameter SQL Injection - Ver2 (CVE-2006-0079)
An SQL injection vulnerability has been reported in ScozNet ScozBook BETA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2009-4699
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) fileuploader.php...
SQL injection
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) loginaction.php...
CVE-2010-0122
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) loginaction.php...
SQL injection
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php...
CVE-2008-6523
The CVE-2008-6523 issue affects openInvoice 0.90 beta and earlier where auth.php allows remote authentication bypass by setting the oiauth cookie, enabling privilege gain. The note indicates this can be combined with a separate vulnerability in resetpass.php to modify passwords for arbitrary user...
CVE-2008-6523
auth.php in openInvoice 0.90 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users...
CVE-2008-5880
CVE-2008-5880 affects Gobbl CMS 1.0. The issue is an authentication bypass in admin/auth.php, where setting the auth cookie to "ok" grants administrative access. This is a cookie‑level bypass that can let remote attackers obtain admin privileges without valid credentials. The provided documents i...
Gobbl CMS 1.0 Insecure Cookie Handling
--------------------------- Gobbl Cms 1.0 I.Cookie Hand. --------------------------- Author: x0r Evolution Team Email: [email protected] Demo Site:http://www.gobbl.net/ --------------------------- Bug In: \admin\auth.php ? include '../config.php'; $user = $_POST['user']; $pass = $_POST['pass']; if...
phpEmployment (php upload) Arbitrary File Upload Vulnerability
Exploit for unknown platform in category web applications ============================================================== phpEmployment php upload Arbitrary File Upload Vulnerability ============================================================== remote shell upload script: phpEmployment download...
Gobbl CMS 1.0 Insecure Cookie Handling Vulnerability
No description provided by source. --------------------------- Gobbl Cms 1.0 I.Cookie Hand. --------------------------- Author: x0r Evolution Team Email: [email protected] Demo Site:http://www.gobbl.net/ --------------------------- Bug In: \admin\auth.php ? include '../config.php'; $user =...
Gobbl CMS 1.0 - Insecure Cookie Handling
--------------------------- Gobbl Cms 1.0 I.Cookie Hand. --------------------------- Author: x0r Evolution Team Email: [email protected] Demo Site:http://www.gobbl.net/ --------------------------- Bug In: \admin\auth.php ? include '../config.php'; $user = $_POST['user']; $pass = $_POST['pass']; if...
Gobbl CMS 1.0 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ==================================================== Gobbl CMS 1.0 Insecure Cookie Handling Vulnerability ==================================================== --------------------------- Gobbl Cms 1.0 I.Cookie Hand...
Gobbl CMS 1.0 - Insecure Cookie Handling
Gobbl CMS 1.0 - Insecure Cookie Handling --------------------------- Gobbl Cms 1.0 I.Cookie Hand. --------------------------- Author: x0r Evolution Team Email: [email protected] Demo Site:http://www.gobbl.net/ --------------------------- Bug In: \admin\auth.php ? include '../config.php'; $user...
CVE-2008-4162
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the gsiteurl parameter...
Unfixed XSS vulnerability at www.kondi.dk
Security researcher Pragmatk has submitted on 31/08/2008 a cross-site-scripting (XSS) vulnerability affecting www.kondi.dk, which at the time of submission ranked 4584145 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/07/2009. It is currentl...
CVE-2007-5913
CVE-2007-5913 concerns dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier, where authentication is not required and remote attackers can (1) delete auth.inc.php via the suppr parameter and (2) re-create auth.inc.php to establish a new account/password using login and password parameters...
xcart-rfi.txt
xCart Remote file inclusion Download script : http://www.x-cart.com// Discovered By : aLiiF a.k.a arif @debuteam 07/09/2007 HomePage : http://www.debuteam.net// Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0ng0ku^ Kuris Sonix Toxicity newbi3 R4yn4ld0 DisJocKey s3ng0k homeedition Holong...
Design/Logic Flaw
The checklogout function in class/auth.php in Help Center Live hcl 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to 1...