1444 matches found
Sql injection
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter...
CVE-2008-2222
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter...
CVE-2008-2222
CVE-2008-2222 describes an SQL injection vulnerability in EQdkp 1.3.2f, specifically in login.php, allowing remote attackers to bypass user authentication via the user_id parameter. The affected software is EQdkp 1.3.2f; the root cause is improper input handling in the login flow that enables SQL...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters...
CVE-2008-1850
The CVE-2008-1850 entry describes multiple cross-site scripting (XSS) vulnerabilities in the login.php component of Omnistar Interactive OSI Affiliate. The underlying issue is improper handling of user-supplied parameters (login, profile, profile2, ref), allowing remote attackers to inject arbitr...
Sql injection
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php...
CVE-2008-1631
CVE-2008-1631 corresponds to a SQL injection vulnerability in CuteFlow versions 1.5.0 and 2.10.0. The flaw occurs in login.php, related to the UserId parameter used by the login form (indexed in index.php), allowing remote attackers to craft arbitrary SQL commands. Multiple sources (NVD entry, CV...
CVE-2008-1493
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter...
CVE-2008-1493
CVE-2008-1493 affects Cuteflow Bin 1.5.0 in login.php. The language parameter is processed insecurely, enabling directory traversal with ".." to include and execute local files. This has potential partial impact to confidentiality, integrity, and availability (CVSS v2 base score 7.5, AV:N/AC:L/Au...
cuteflowbin-lfi.txt
Cuteflow Bin v1.5.0 Local File Inclusion Vulnerability + Author : KnocKout + Cyber-Warrior.org / Bug Researchers Group Special Thanks : CW ALL USERS / Mr.Freeman ============================================== Script : Cuteflow Bin v1.5.0 Download :...
Cuteflow Bin 1.5.0 - login.php Local File Inclusion
Cuteflow Bin 1.5.0 - login.php Local File Inclusion Cuteflow Bin v1.5.0 Local File Inclusion Vulnerability + Author : KnocKout + Cyber-Warrior.org / Bug Researchers Group Special Thanks : CW ALL USERS / Mr.Freeman ============================================== Script : Cuteflow Bin v1.5.0 Downloa...
Cuteflow Bin 1.5.0 (login.php) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= Cuteflow Bin 1.5.0 login.php Local File Inclusion Vulnerability ================================================================= Cuteflow Bin v1.5.0 Local File Inclusion...
Unfixed XSS vulnerability at www.urgo.es
Security researcher THEMILLER submitted on 03/04/2008 a cross-site scripting (XSS) vulnerability affecting www.urgo.es, which at the time of submission ranked 8648906 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/04/2008. It is currentl...
CVE-2008-0651
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-0650
Vulnerability summary (CVE-2008-0650): In Simple OS CMS 0.1c beta, the login.php username field is susceptible to SQL injection, enabling remote attackers to execute arbitrary SQL commands. This affects the login process and can impact confidentiality, integrity, and availability (as per NVD metr...
CVE-2008-0651
The CVE-2008-0651 entry refers to a SQL injection vulnerability in login.php of Codice CMS, where the username field allows remote attackers to execute arbitrary SQL commands. The provided documents consistently describe this same issue, including the root cause (injection in login handling) and ...
CVE-2008-0650
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
WordPress MU 1.3.2 - active_plugins option Code Execution
WordPress MU 1.3.2 - active_plugins option Code Execution Website : http://www.buayacorp.com/ Advisory: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html This exploit uses active_plugins option to execute arbitrary PHP / include_once './class-snoopy.php'; // Fix Snoopy cla...
Codice CMS - login.php SQL Injection
Codice CMS - login.php SQL Injection source: https://www.securityfocus.com/bid/27592/info Codice CMS is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify...