EUVD-2008-6112

Malware in sbrugna...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 checkuser and 2 checkpass parameters...

CVE-2008-6749

CVE-2008-6749 affects FlexPHPDirectory 0.0.1. Multiple SQL injection vulnerabilities exist in admin/usercheck.php when magic_quotes_gpc is disabled, allowing remote attackers to injected arbitrary SQL via the checkuser and checkpass parameters. The issue is documented with an NVD entry and multip...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6730

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6730

CVE-2008-6730 affects FlexPHPLink Pro versions 0.0.6 and 0.0.7. The vulnerability is a SQL injection in admin/usercheck.php that can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to alter or disclose data via the checkuser (username) or checkpass (password) fields dire...

CVE-2008-6730

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6241

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6241

CVE-2008-6241 affects FlexPHPSite versions 0.0.1 and 0.0.7. It describes SQL injection in admin/usercheck.php when magic_quotes_gpc is disabled, allowing remote attackers to modify or exfiltrate data via the checkuser (username) or checkpass (password) fields directed to admin/index.php. The NVD ...

CVE-2008-6241

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6142

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the 1 checkuser parameter aka username field or 2 checkpass parameter aka password field to admin/index.php. NOTE: some of these details are obtained fro...

CVE-2008-5927

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the 1 checkuser parameter aka username field or 2 checkpass parameter aka password field to admin/index.php. NOTE: some of these details are obtained fro...

CVE-2008-5927

CVE-2008-5927 describes multiple SQL injection vulnerabilities in FlexPHPNews 0.0.6, specifically in admin/usercheck.php. The attack surface is the login path at admin/index.php, where user-supplied inputs in the checkuser (username) and checkpass (password) parameters appear to be unsafely handl...

Flexphpsite 0.0.1 SQL Injection

Autore: x0r Email: [email protected] Site: http://w00tz0ne.altervista.org/index.php Cms: Flexphpsiteen Version: 0.0.1 Download: http://www.china-on-site.com/flexphpsite/downloads.html Bug In \admin\usercheck.php $sql = "select username,adminid from linkexadmin where username='$checkuser' and...

Flexphpic 0.0.x SQL Injection

Autore: S.W.A.T. Email: [email protected] Site: Www.BaTLaGH.coM Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3 Download: http://www.china-on-site.com/flexphpic/downloads.php Bug In \admin\usercheck.php $sql = "select username,adminid from linkexadmin where username='$checkuser' and...

Flexphpic 0.0.x - Authentication Bypass

Flexphpic 0.0.x - Authentication Bypass Autore: S.W.A.T. Email: [email protected] Site: Www.BaTLaGH.coM Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3 Download: http://www.china-on-site.com/flexphpic/downloads.php Bug In \admin\usercheck.php $sql = "select username,adminid from linkexadmin where...

Flexphplink 0.0.x - Authentication Bypass

Autore: x0r Email: [email protected] Site: http://w00tz0ne.altervista.org/index.php Cms: Flexphplink Pro Version: 0.0.7 Download: http://www.china-on-site.com/flexphplink/downloads.html Bug In \admin\usercheck.php $sql = "select username,adminid from linkexadmin where username='$checkuser' and...