Sql injection

Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters to a login.php or b register.php; or 3 u parameter to c profile.php...

CVE-2006-1569

Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters to a login.php or b register.php; or 3 u parameter to c profile.php...

CVE-2006-1535

Cross-site scripting XSS vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter...

CVE-2006-1535

The CVE refers to a cross-site scripting (XSS) vulnerability in Phoetux.net PhxContacts (versions up to 0.93.1 beta) where an attacker can inject arbitrary script via the m parameter in login.php. Affected component is the login handling script; root cause is improper sanitization of input to the...

Cross site scripting

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...

CVE-2006-1507

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...

XSS in PHPKIT Version 1.6.03

http://www.example.com/include.php?path=login/login.php&error=scriptalertdocument.Cookie/script Discovered by BadNet !!!!...

Digital Scribe login.php SQL Injection flaw

The version of Digital Scribe installed on the remote host is prone to SQL injection attacks through the SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Remote file inclusion

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 from and 2 help parameters to a index.php; 3 action, 4 page, 5 debug, 6 help, 7 username, or 8 password parameters to b login.php; the 7 help parameter to c...

CVE-2006-1080

Cross-site scripting XSS vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value...

Game-Panel 2.6 - login.php Cross-Site Scripting

Game-Panel 2.6 - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16979/info Game-Panel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated...

Sql injection

SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter...

CVE-2006-0856

The CVE-2006-0856 entry describes a SQL injection in login.php of Scriptme SmE GB Host 1.21 that lets remote attackers execute arbitrary SQL and bypass authentication via the Username parameter. Affected software is Scriptme SmE GB Host 1.21; the vulnerability arises from improper handling of the...

Sql injection

Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the 1 usern parameter in a sendpass.php, and the 2 usern and 3 passwd parameters and 4 sfcookie cookie in b login.php and c logged.php...

CVE-2006-0809

Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the 1 usern parameter in a sendpass.php, and the 2 usern and 3 passwd parameters and 4 sfcookie cookie in b login.php and c logged.php...

CVE-2006-0685

The checklogin function in login.php in Virtual Hosting Control System VHCS 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access...

Sql injection

SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...

CVE-2006-0311

CVE-2006-0311 is an SQL injection in aoblogger 2.3, exposed via login.php and the username parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. Reported impact aligns with CVSS base metrics (7.5: High; network vector, low complexity, no authentication). Affected...

CVE-2006-0182

CVE-2006-0182 affects ACal Calendar Project 2.2.5. The vulnerability in login.php allows remote bypass of authentication by setting the ACalAuthenticate cookie to the literal value “inside,” enabling unauthorized access. Relatedly, CVE-2006-0183 in edit.php permits authenticated users to execute ...