CVE-2008-0286
CVE-2008-0286 : A SQL injection vulnerability exists in the admin/login.php of Article Dashboard, allowing remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. The issue is publicly documented in NVD and CVE records, with no explicit remediation details prov...
CVE-2007-3694
CVE-2007-3694 is an XSS vulnerability in Miro Project Broadcast Machine 0.9.9.9, exploitable via the login.php username parameter to inject arbitrary script/HTML. CVSS from NVD: 4.3 (Medium). Affected component: login form handling in login.php; root cause: reflected/XSS via username input. Impac...
Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26407/info Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865...
CVE-2007-5728
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865...
CVE-2003-1466
CVE-2003-1466 affects Phorum 3.4–3.4.2. Unspecified vulnerability allows remote attackers to use Phorum as a proxy to other sites via (1) register.php or (2) login.php, enabling potential abuse of the application as a gateway to external hosts. The provided documents do not include concrete explo...
CVE-2003-1401
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2007-5579
Pligg CMS 9.5 is affected by CVE-2007-5579 through login.php, where a guessable confirmation code enables password reset by an attacker knowing a username. The root cause is a predictable confirmationcode parameter used during forgotten-password flow, allowing an unauthorized password reset with ...
Default credentials
Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php...
FrontAccounting 1.13 Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications: FrontAccounting 1.13 Remote File Inclusion Vulnerabilities...
Sql injection
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or (3) the typenav parameter to index.php in a...
CVE-2007-4956
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the MemberSpace espacemembre module, or (3) the typenav parameter to index.php in a...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to (1) admin.php, (2) custompages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) myteam.php, (9) profile.php, (10)...
KwsPHP 1.0 - 'login.php' SQL Injection
Script: KwsPHP ver 1.0 Script Site: http://kws.koogar.org/ Vulnerability: login.php Remote SQL injection Exploit Access: Remote level: Dangerous Author: S4mi...
KwsPHP 1.0 - login.php SQL Injection
KwsPHP 1.0 - login.php SQL Injection Script: KwsPHP ver 1.0 Script Site: http://kws.koogar.org/ Vulnerability: login.php Remote SQL injection Exploit Access: Remote level: Dangerous...
CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include
X---- w w w . u N k n 0 w n . e u ----X CRS Manager (crsmanager) Multi Remote File Include ::Home: http://crsmanager.berlios.de ::Vuln Type : Remote File Include (RFI) ::Discovered by : iNs ::Vuln Code: index.php login.php <?php require $DOCUMENT_ROOT."/../admin/settings/conf.php"; PoC:...
Remote file inclusion
PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter...
CVE-2007-4484
CVE-2007-4484 describes a PHP remote file inclusion vulnerability in My_REFERER 1.08, specifically in login.php where an attacker can cause arbitrary PHP code execution by supplying a URL in the value parameter. The public description confirms the vulnerable component (login.php) and the vulnerab...
mcLinksCounter 1.2 Remote File Include by iNs
App Name : mcLinksCounter 1.2 HomePage: http://www.phpforums.net Vuln type : Remote File Include RFI Vuln Discovered by : iNs BUG: on file stats.php ,login.php ,detail.php : include "$langfile"; PoC: http://www.site.com/path/stats.php?langfile=sH3lLz? iNs @ uNkn0wn.eu Gr33tz t0: uNkn0wn.eu - iD -...
My_REFERER v.1.08 Remote File Include
App Name : MyREFERER v.1.08 HomePage : http://www.phoenix.frihost.net/referer/readme.php Vuln type : Remote File Include RFI Vulnerability Discovered by : iNs Vuln Code: login.php include"$value"; POC: htttp://site.com/path/login.php?value=SHELL.txt?? iNs @ uNkn0wn.eu Gr33tz t0: uNkn0wn.eu - iD -...