CVE-2006-0940

CVE-2006-0940 affects ShoutLIVE 1.1.0, specifically the savesettings.php script. The vulnerability arises because user-defined variables are written directly into settings.php without proper sanitization, enabling remote attackers to execute arbitrary PHP code. This is described as a PHP code exe...

CVE-2006-0722

settings.php in Reamday Enterprises Magic Downloads 1.1.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are no...

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...

cijfer-mnxpl.pl.txt

!/usr/bin/perl Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where the problem is line 108 of 426: ... 1 elseif $action == "change" ... 2 if $passwd !=...

Magic News Plus 1.0.3 - Admin Pass Change

Magic News Plus 1.0.3 - Admin Pass Change !/usr/bin/perl Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where the problem is line 108 of 426: ... 1 elseif $action ...

Magic News Plus 1.0.3 - Admin Pass Change

!/usr/bin/perl Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where the problem is line 108 of 426: ... 1 elseif $action == "change" ... 2 if $passwd !=...

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

CVE-2001-1527

easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access...

CVE-2004-2192

CVE-2004-2192 concerns a SQL injection in Turbo Traffic Trader PHP 1.0, specifically in tttadmin/settings.php where the ttt_admin parameter enables remote attackers to execute arbitrary SQL commands. The vulnerability arises from improper handling of user-supplied input in the affected script, al...