CVE-2011-5039

Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters to login.php, 3 the filter parameter to widget.dokumentilista.php, and 4 the finnalogid parameter to nalozinaslov.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...

CVE-2011-3838

Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...

CVE-2011-3835

Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...

Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability

Summary Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access t...

Tiki Wiki CMS Groupware 8.1 / 6.4 LTS Cross Site Scripting

Advisory: Tiki Wiki CMS Groupware Stored Cross-Site-Scripting Advisory ID: INFOSERVE-ADV2011-07 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 8.1 & 6.4 LTS affects all current releases Vendor URL: http://info.tiki.org/ Vendor Status: fixed...

Tiki Wiki CMS Groupware 8.1 - 'show_errors' HTML Injection

source: https://www.securityfocus.com/bid/51128/info Tiki Wiki CMS Groupware is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the...

InverseFlow 2.4 Cross Site Scripting

Exploit Title: InverseFlow v2.4 XSS Vulnerabilities Date: Mon Nov 07 2011 Author: Amir Expl0its We Are : Expl0its , Highersense , Black.spook & H4ckcity.net - zone-hc.com Software Link: http://asria.info/download/script/inverseflow.zip Version: InverseFlow v2.4 Vulnerable Page:...

Sql injection

SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2011-3371

Multiple cross-site scripting XSS vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 formsent, 3 csrftoken, 4 reqconfirm, or 5 delete parameter to delete.php, the 6 id, 7 formsent, 8 csrftoken, 9 reqmessage,...

Cross site scripting

Cross-site scripting XSS vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action...

CVE-2010-4852

CVE-2010-4852 affects Eclime 1.1.2b, where login.php’s reason parameter is vulnerable to cross-site scripting (XSS) due to insufficient input sanitization. Exploitation could cause arbitrary script/HTML execution in a user’s browser. Concrete details across connected records confirm the vulnerabl...

CVE-2010-4842

The vulnerability is a SQL injection in admin/login.php of the MHP DownloadScript (aka MH Products Download Center) version 2.2. The root cause is improper handling of the Name parameter, enabling remote attackers to craft inputs that cause arbitrary SQL execution. Impact per sources is uncontrol...

vAuthenticate 3.0.1 - Authentication Bypass

vAuthenticate 3.0.1 - Authentication Bypass ----------------------------------------------------------------------- vAuthenticate 3.0.1 Auth Bypass by Cookie SQL Injection Vulnerability ----------------------------------------------------------------------- Author: bd0rk Contact:...

CVE-2009-5076

CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is not properl...

DGNews 2.1 SQL Injection

Remote SQL Injection Vulnerability name : DGNews v 2.1 Author : kalashnikov dork : inurl:news.php?go=fullnews&newsid admincp : admin/login.php // the user is "admin"===========MYSQL INJ======= http://localhost/pach/news.php?go=fullnews&newsid=1' =========================== Warning: mysqlnumrows:...

WordPress Register Plus Plugin Multiple Vulnerabilities

WordPress Register Plus Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MODx login.php 'username' Parameter XSS

The installed version of MODx fails to adequately sanitize input passed to the 'username' parameter in the 'login.php' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a...

Sql injection

Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 un and 2 pw parameters...

CVE-2010-4505

Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 un and 2 pw parameters...