1444 matches found
CVE-2009-2762
CVE-2009-2762 affects WordPress ≤ 2.8.3. The vulnerability allows remote attackers to trigger a password reset for the first user (potentially admin) by supplying a key[] array to the resetpass (rp) action, bypassing the check that key is not an array. This is a network‑level exploit with a CVSSv...
WordPress < 2.8.4 'wp-login.php' 'key' Parameter Remote Administrator Password Reset (uncredentialed check)
According to its version number, the version of WordPress running on the remote server has a flaw in the password reset mechanism. Validation of the secret user activation key can be bypassed by providing an array instead of a string. This allows anyone to reset the password of the first user in...
Path traversal
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path...
CVE-2008-6896
login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is reached, allows remote attackers to gain sensitive information via unspecified vectors that reveal the installation path...
CVE-2008-6896
CVE-2008-6896 affects the 3CX Phone System (version 6.0.806.0). When disk usage reaches 100%, remote attackers can obtain sensitive information that reveals the installation path through unspecified vectors. The exact root cause is not detailed in the provided documents. Impact is described as pa...
Blink Blog System Authentication Bypass
Salvatore "drosophila" Fresta + Application: Blink Blog System + Version: Unknown + Website: http://blogink.sourceforge.net + Bugs: A Authentication Bypass + Exploitation: Remote + Date: 03 Aug 2009 + Discovered by: Salvatore Fresta aka drosophila + Author: Salvatore Fresta aka drosophila + E-mai...
Allomani Mobile 2.5 Remote Blind SQL Injection Exploit
No description provided by source. Exploit banner text: Allomani Mobile v2.5, Blind SQL inj. exploit, GET, http://allomani.com, by Qabandi...
Allomani Mobile 2.5 - Blind SQL Injection
Allomani Mobile 2.5 - Blind SQL Injection. Exploit banner text: Allomani Mobile v2.5, Blind SQL inj. exploit, GET, http://allomani.com, by Qaband...
CVE-2008-6876
CVE-2008-6876 is an XSS vulnerability in EsPartenaires 1.0, where the login.php page accepts a crafted msg parameter to inject script/HTML. Multiple related records (CVE-2008-2037) cover the EsContacts 1.0 issue; the shared vector is the msg parameter in login.php across EditeurScripts EsBaseAdmi...
CVE-2008-6876
Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037...
Phenotype CMS 2.8 - login.php?user Blind SQL Injection
Phenotype CMS 2.8 - login.php?user Blind SQL Injection Phenotype v2.8 Blind Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
DM FileManager 'login.php' Security Bypass Vulnerability
The host is running DM FileManager and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbdmfilemanagersecbypassvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ DM FileManager 'login.php' Security Bypass Vulnerability Authors: Sharath S Copyright: Copyright (c) 2009 Greenbone...
DM FileManager 'login.php' Security Bypass Vulnerability
DM FileManager is prone to a security bypass vulnerability.
CVE-2008-6839
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this...
CVE-2009-2236
CVE-2009-2236 describes an SQL injection vulnerability in the yad-admin/login.php of Your Article Directory. The issue allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. The entry lists a base CVSS v2 score of 7.5 (HIGH) with network attack vector and no a...
CVE-2009-2236
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-2167
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...
SQL injection
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...