admin inc change actionphp software vulnerabilities
vulnerabilities.aspcode.net
Searching admin inc change actionphp software vulnerabilities
Computer Associates (CA) Unicenter Asset Manage
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
Multiple directory traversal vulnerabilities in
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
Cross-site scripting (XSS) vulnerability in Tin
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
settings.php in Reamday Enterprises Magic News
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.
Multiple unspecified vulnerabilities in MyBulle
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, it is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
PHP remote file inclusion vulnerability in Smar
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.
SQL injection vulnerability in bmc/Inc/core/adm
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
Multiple PHP remote file inclusion vulnerabilit
Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
Multiple PHP remote file inclusion vulnerabilit
Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.
Multiple PHP remote file inclusion vulnerabilit
Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.
AlstraSoft Web Host Directory allows remote att
AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
Admin/users.php in Snaps! Gallery 1.4.4 allows
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.
PHP remote file inclusion vulnerability in admi
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
PHP remote file inclusion vulnerability in admi
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
SimpNews 2.41.03 stores sensitive information u
SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.
SimpGB 1.46.02 stores sensitive information und
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Software vulnerabilities results 1 to 20 of 1021