10 matches found
EUVD-2006-2686
Malware in sbrugna...
PHP AGTC-Membership System <= 1.1a Arbitrary Add-Admin Exploit
No description provided by source. !/usr/bin/perl Note: adduser.php is accessable to a guest/any-user, but if you access through a browser you cant add admin, theres a hidden POST buried in the script, which contains the userlevel. Note: alot of sites run this script and they remove the "powered...
PHP-AGTC Membership System 1.1a - Arbitrary Add Admin
PHP-AGTC Membership System 1.1a - Arbitrary Add Admin !/usr/bin/perl Note: adduser.php is accessable to a guest/any-user, but if you access through a browser you cant add admin, theres a hidden POST buried in the script, which contains the userlevel. Note: alot of sites run this script and they...
Authentication flaw
adduser.php in PHP-AGTC Membership AGTC-Membership System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin userlevel 4 privileges...
CVE-2007-5752
adduser.php in PHP-AGTC Membership AGTC-Membership System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin userlevel 4 privileges...
CVE-2007-5752
CVE-2007-5752 affects the PHP-AGTC Membership System (AGTC-Membership) 1.1a. The vulnerability is in adduser.php, which does not require authentication, allowing remote attackers to create accounts via a modified form, demonstrated by an account with admin (userlevel 4) privileges. Documented imp...
CVE-2006-2687
Cross-site scripting XSS vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address useremail parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address useremail parameter...
CVE-2006-2687
Cross-site scripting XSS vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address useremail parameter...
CVE-2006-2687
CVE-2006-2687 is a cross-site scripting (XSS) vulnerability in adduser.php of the PHP-AGTC Membership System, affecting version 1.1a and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the email address parameter (useremail). NVD metrics assign a medium base ...