mnogosearch common database admin pass software vulnerabilities
vulnerabilities.aspcode.net
Searching mnogosearch common database admin pass software vulnerabilities
Buffer overflow in search.cgi for mnoGoSearch 3
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
Buffer overflow in search.cgi for mnoGoSearch 3
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
CiscoWorks Common Management Foundation (CMF) 2
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
SQL injection vulnerability in Password Protect
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
SQL injection vulnerability in login.php in Zen
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.
Computer Associates Unicenter Common Services 3
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.
ArGoSoft FTP Server before 1.4.1.6 allows remot
ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.
admin.php in PHP-Stats 0.1.9.1 and earlier allo
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password.
Multiple SQL injection vulnerabilities in Maian
Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.
SQL injection vulnerability in admin_login.asp
SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter.
SQL injection vulnerability in phpBannerExchang
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php.
Multiple PHP remote file inclusion vulnerabilit
Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.
Multiple PHP remote file inclusion vulnerabilit
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
Capital Request Forms stores sensitive informat
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.
admin/configuration.php in Guestbara 1.2 and ea
admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters.
Multiple PHP remote file inclusion vulnerabilit
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.
** DISPUTED ** Multiple SQL injection vulnerab
** DISPUTED ** Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use.
** DISPUTED ** captcha.php in BellaBook (aka B
** DISPUTED ** captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derived from the admin_pass and secret variables, in addition to the admin_name; and because the exploit code is designed for an unrelated application.
Multiple cross-site scripting (XSS) vulnerabili
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel.
Software vulnerabilities results 1 to 20 of 1337