1444 matches found
CVE-2009-0738
CVE-2009-0738 describes an SQL injection vulnerability in login.php of Auth Php 1.0, exploitable via the username and passwd parameters. The root cause is unsafely constructed SQL in the login flow that allows attackers to alter SQL semantics or execute arbitrary commands. The vulnerability affec...
CVE-2009-0710
Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2009-0710
CVE-2009-0710: The connected documents describe two cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6. An attacker can inject arbitrary script or HTML via (1) the user parameter to login.php and (2) the dbfield parameter to filter.php. The notes do not provide details on affected ver...
CVE-2009-0709
The CVE-2009-0709 entry describes a SQL injection vulnerability in PHPFootball 1.6, specifically in login.php where the user parameter can be used by remote attackers to execute arbitrary SQL commands. Affected component: PHPFootball 1.6 (login.php). Underlying cause: unsanitized user input leadi...
Oracle Secure Backup Multiple Command Injections (CVE-2008-4006; CVE-2008-5448; CVE-2008-5449)
Oracle Database Server is an enterprise-level relational database application suite. Oracle Secure Backup Administration Server provides a single point of data management across network attached storage (NAS) devices and distributed hosts. Several command injection vulnerabilities were reported in...
CVE-2008-6236
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2008-6236
CVE-2008-6236 is a SQL injection in the login.php of Simple Document Management System (SDMS) versions 1.1.5 and 1.1.4 (and possibly earlier). The vulnerability allows remote attackers to inject arbitrary SQL commands via the login parameter, enabling potential data compromise. The entry notes pr...
CVE-2008-6220
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter...
CVE-2008-6220
CVE-2008-6220 affects Simple Document Management System (SDMS) versions 1.1.5 and 1.1.4 (and possibly earlier). The vulnerability is a SQL injection in login.php that allows remote attackers to execute arbitrary SQL commands via the pass parameter. Root cause: unsanitized user input fed into a SQ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
CVE-2008-6127
CVE-2008-6127 affects moziloCMS
CVE-2008-6127
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
AuthPhp 1.0 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. 0x01 Informations: Name : AuthPhp 1.0 Download : http://frankmancuso.ca/downloads/authphp/authphp-stable-1.0.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code...
Mynews 0_10 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. 0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code...
CVE-2009-0493
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username...
Mynews 0.10 - Authentication Bypass
Mynews 0.10 - Authentication Bypass 0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Cod...
AuthPhp 1.0 SQL Injection
0x01 Informations: Name : AuthPhp 1.0 Download : http://frankmancuso.ca/downloads/authphp/authphp-stable-1.0.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code $username = $_POST['username']; $passwd =...
BlueBird Pre-Release SQL Injection
0x01 Informations: Name : BlueBird Pre-Release Download : http://downloads.sourceforge.net/bluebird/bluebirdpre.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code if $request == "POST" $username =...
BlueBird Pre-Release - Authentication Bypass
BlueBird Pre-Release - Authentication Bypass 0x01 Informations: Name : BlueBird Pre-Release Download : http://downloads.sourceforge.net/bluebird/bluebirdpre.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is...