126 matches found
CVE-2007-4240
Help Center Live (hcl) 2.1.3a contains an authentication bypass in the check_logout function of class/auth.php. When administrative credentials are missing, the function redirects but does not exit, enabling an unauthenticated attacker to trigger actions via requests to admin/departments.php, adm...
CVE-2007-3627
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2007-3542
CVE-2007-3542 is a cross-site scripting (XSS) vulnerability in Pluxml 0.3.1, located in admin/auth.php, exploitable by supplying a crafted msg parameter. The NVD entry lists a MEDIUM risk (CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N, base score 4.3) with no authentication required and no impact on confide...
CVE-2007-3542
Removed by vendor...
TotalCalendar <= 2.402 (view_event.php) Remote SQL Injection Vulns
No description provided by source. TotalCalendar 2.402 SQL Injection Vulnerability...
Sql injection
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this...
CVE-2007-3190
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters...
Cross site scripting
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2007-3189
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2007-3204
CVE-2007-3204 describes an SQL injection in auth.php of JFFNMS 0.8.4-pre2, allowing remote attackers to execute arbitrary SQL commands via the pass parameter. This vulnerability is noted to stem from an incomplete fix for CVE-2007-3190. The connected sources confirm the flaw and its relation to ...
CVE-2007-3190
CVE-2007-3190 involves multiple SQL injection flaws in Just For Fun Network Management System (JFFNMS) 0.8.3, specifically in auth.php. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the user and pass parameters when magic_quotes_gpc is disabled. Public advisorie...
CVE-2007-1905
Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forwardto parameter, as demonstrated using """...
quizshock-xss.txt
QuizShock 1.6.1 Cross-Site Scripting Vulnerability discovered by John Martinelli alert551660661;"...
QuizShock 1.6.1 - 'auth.php' HTML Injection
source: https://www.securityfocus.com/bid/23368/info QuizShock is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowi...
CVE-2007-1341
include/auth/auth.php in Simple Invoices before 2007-03-05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information...
CVE-2007-1341
The CVE-2007-1341 entry concerns Simple Invoices prior to 2007-03-05, where include/auth/auth.php does not enforce login protection on invoice print preview pages, potentially allowing an attacker to access sensitive information. Affected component: the auth print-preview workflow in Simple Invoi...
CVE-2007-1341
include/auth/auth.php in Simple Invoices before 2007-03-05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information...
CVE-2005-4821
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter in plug.php...
CVE-2003-1315
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands...