CVE-2021-27621
Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows attackers to access restricted information by entering malicious server name...
CVE-2021-27159
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP...
Cross-site request forgery (CSRF)
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to elevate the privileges of a specific account via useradmin/cfnew.cgi?chief=&wkgroup=full&cfname=test&cfaccount=test&cfemail=&cfacl=Management&applylang=&dn= without any authorization...
SQL injection
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...
CVE-2014-5521
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter...
CVE-2014-3418
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter...
Vbulletin (blog_plugin_useradmin) v4.1.12 SQL Injection Vulnerability
A bug in Vbulletin blog_plugin_useradmin v4.1.12 that allows us to cause a SQL injection on a remote machine. Exploit Title : Vbulletin blog_plugin_useradmin v4.1.12 Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link :...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl...
CVE-2011-1937
CVE-2011-1937 affects Webmin versions up to 1.540. The vulnerability is a cross-site scripting (XSS) flaw that lets local users inject arbitrary script/HTML via the chfn command changing the real name field, related to the code paths useradmin/index.cgi and useradmin/user-lib.pl. Documented impac...
Flexcustomer 0.0.6 - Admin Authentication Bypass Possible PHP Code Writing
Flexcustomer 0.0.6 - Admin Authentication Bypass Possible PHP Code Writing START 0x01 Informations: Script : Flexcustomer Download : http://www.hotscripts.com/jump.php?listingid=25331&jumptype=1 Vulnerability : Admin Login Bypass / Possible PHP code writing Author : Osirys Contact :...
FlexCustomer <= 0.0.4 SQL injection
FlexCustomer <= 0.0.4 SQL injection Discovered by: Nomenumbra Date: 6/4/2006 impact: high privilege escalation, defacement FlexCustomer versions 0.0.4 and below are vulnerable to an SQL injection in the common user and admin-panel login as follows it really is SQL-injection 101 you know....: a' or...
CVE-2002-0096
The installation of Geeklog 1.3 creates an extra groupassignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended...