1444 matches found
CVE-2006-0182
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside"...
Authentication flaw
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside"...
CVE-2006-0135
SQL injection vulnerability in login.php in TheWebForum twf 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable)...
CVE-2006-0067
VEGO Links Builder 2.00 and earlier contains a SQL injection vulnerability in login.php via the username parameter. Multiple connected advisories summarize that remote attackers could cause arbitrary SQL commands to be executed on the affected system. The CVE entry notes the vulnerability but doe...
CVE-2005-4136
CVE-2005-4136 describes a Cross-site Scripting (XSS) vulnerability in DRZES HMS 3.2, specifically in login.php where the customerEmailAddress parameter can be exploited to inject arbitrary web script/HTML. The issue affects the login process and can be triggered remotely, with a NVD base score of...
PHPX 3.5.x - Admin login.php SQL Injection
Source: https://www.securityfocus.com/bid/15680/info PHPX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...
CVE-2005-3789
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the formlang parameter in login.php and (2) the imgdir parameter in randomimage.php...
CVE-2005-3418
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errormsg parameter to usercpregister.php, (2) forwardpage parameter to login.php, and (3) listcat parameter to search.php, which are not initialized as...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...
CVE-2005-3153
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a differe...
Digital Scribe login.php SQL Injection
The remote web server hosts Digital Scribe, a student-teacher set of scripts written in PHP. The version of Digital Scribe installed on the remote host is prone to a SQL injection attack through the 'login.php' script. A malicious user may be able to exploit this issue to manipulate database...
CVE-2005-2987
SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2005-2987
The CVE-2005-2987 issue affects Digital Scribe login.php (version 1.4). The vulnerability is an SQL injection through the login.php username parameter, enabling remote attackers to manipulate database queries and potentially bypass authentication or alter data. Multiple security databases corrobo...
GLSA-200509-04 : phpLDAPadmin: Authentication bypass
The remote host is affected by the vulnerability described in GLSA-200509-04 (phpLDAPadmin: Authentication bypass). Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration. Impact:...
CVE-2005-2654
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disableanonbind is set, via an HTTP request to login.php with the anonymousbind parameter set...
CVE-2005-2649
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) the course parameter in login.php or (2) the words parameter in search.php...
CVE-2005-2649
CVE-2005-2649 describes a cross-site scripting (XSS) vulnerability in ATutor 1.5.1 that allows remote attackers to inject arbitrary script or HTML via the parameters course in login.php or words in search.php. The CVE is cited with a base score of 4.3 (Medium) on the NVD entry, and multiple conne...
MySQL Eventum 1.5.5 - 'login.php' SQL Injection
!/usr/bin/perl -w use IO::Socket; use strict; print "\n"; print " MySQL Eventum new PeerAddr = $host, PeerPort = $port, Proto = 'tcp' || die "! Unable to connect to $host\n"; my $post =...