1444 matches found
CVE-2005-2332
CVE-2005-2332 describes a cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter to admin.php or login.php. The provided sources confirm the affected product/version and the vulnerable ...
CVE-2005-2203
CVE-2005-2203 affects phpWishlist prior to 0.1.15. The vulnerability allows remote attackers to bypass authentication by issuing a direct request to admin.php, enabling access without valid credentials. Root cause details are not provided in the documents beyond the bypass vector. Impact is descr...
CVE-2004-2180
WowBB Forum 1.61 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow attackers to inject arbitrary script/HTML via numerous vectors: country (view_user.php), show (view_forum.php), letter (view_user.php), highlight (view_topic.php), show (inde...
CVE-2005-2109
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use...
Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working)
Exploit for unknown platform in category web applications. Invision Power Board <= 1.3.1 Login.PHP SQL Injection (working). ?php / = 1.3.1 Final /str0ke / $server = "SERVER";...
Invision Power Board <= 2.0.3 Login.PHP SQL Injection (tutorial)
No description provided by source. danica jones [email protected] Tutorial for the recent exploit released by Petey Beege. 1. Get the exploit from http://www.milw0rm.com/id.php?id=1013 2. Make sure you have LWP::UserAgent perl module if not do this: a. perl -MCPAN -e 'shell' b. inside the perl...
CVE-2004-2023
The vulnerability CVE-2004-2023 affects Zen Cart (notably Zen Cart 1.1.2d and 1.1.4 before patch 1). The issue is a SQL injection in login.php that allows remote attackers to modify or disclose data via the (1) admin_name or (2) admin_pass parameters. The underlying cause is unsafely constructed ...
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
According to its banner, the version of Invision Power Board on the remote host suffers from multiple vulnerabilities: - SQL Injection Vulnerability: The application fails to sanitize user-input supplied through the 'passhash' cookie in the 'sources/login.php' script, which can be exploited to...
CVE-2005-1384
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopicid, or (5) dcatid to mod.php...
CVE-2005-0220
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2005-0327
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...
PHPCOIN 1.2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may leverage these issues to manipulate and...
CVE-2004-1584
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...
CVE-2004-1584
The CVE-2004-1584 entry maps to a CRLF/HTTP Response Splitting vulnerability in WordPress 1.2, exploitable via wp-login.php using the text parameter to modify server HTML output. Affected software is WordPress 1.2 (WordPress
WordPress <=1.2 - CRLF (Carriage Return Line Feed) injection
Because of this vulnerability in wp-login.php, attackers can perform HTTP Response Splitting attacks to modify expected HTML content from the server via the "text" parameter. Solution Update the WordPress to the latest available version at least 1.2.1...
CVE-2004-1507
CVE-2004-1507 describes a CRLF injection flaw in WebCalendar’s login.php that allows remote attackers to inject CRLF sequences via the return_path parameter, enabling HTTP Response Splitting to alter server HTML content. The NVD entry lists a network attack vector with no authentication, low comp...
CVE-2004-1417
PsychoStats is affected: login.php in version 2.2.4 Beta and earlier is vulnerable to Cross-Site Scripting via the login parameter. Root cause: insufficient sanitization of the login parameter leading to arbitrary script execution. Impact aligns with CVSS 4.3 (medium). Remediation: upgrade to a v...
Chipmunk Forums SQL Injection Exploit
Exploit for unknown platform in category web applications. Chipmunk Forums SQL Injection Exploit. GHC - Chipmunk forum - ADVISORY // Product: Chipmunk Forums // URL:...
CVE-2005-0221
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2formsubject field...