Searching panel software vulnerabilities

The Alabanza Control Panel does not require pas

administrative | nsManagercgi | information | passwords | attackers | Alabanza | commands | program | Control | require | remote | modify | access | domain | allows | Panel | which | does | name | CGI | not | via |

The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.


The Video Control Panel on SGI O2/IRIX 6.5, whe

attackers | videoout | session | console | "Output | Default | Control | videoin | O2/IRIX | running | access | Video" | allows | Panel | Video | Input | then | set | SGI |

The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin.


Cross-site scripting (XSS) vulnerability in (1)

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.


The Windows Media Player control in Microsoft W

Microsoft | control | Windows | Player | Media |

The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.


The control panel in ASP Calendar does not requ

authentication | unauthorized | attackers | Calendar | require | control | request | mainasp | allows | remote | direct | access | panel | which | does | gain | ASP | not | via |

The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.


The Control Panel applet in WFTPD and WFTPD Pro

Control | applet | WFTPD | Panel | Pro |

The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command.


Unrestricted file upload vulnerability in the A

Administration | administrators | authenticated | vulnerability | Unrestricted | arbitrary | NewsPHP | instead | execute | upload | allows | remote | video | files | Panel | code | file |

Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.


ProfitCode PayProCart 3.0 allows remote attacke

adminshop/indexphp | authentication | administrative | demonstrated | hex-encoded | privileges | PayProCart | ProfitCode | sequences | attackers | parameter | request | ftoedit | control | bypass | remote | allows | direct | admin | panel | gain | via |

ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML.


SQL injection vulnerability in the admin login

vulnerability | injection | Ocean12 | Mailing | Manager | panel | admin | login | List | SQL |

SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter.


The Admin panel in PwsPHP 1.2.2 does not proper

PwsPHP | panel | Admin |

The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.


SQL injection vulnerability in SilverNews 2.0.3

vulnerability | SilverNews | injection | SQL |

SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.


SQL injection vulnerability in the login functi

administration | vulnerability | cosmoshop | injection | function | panel | login | SQL |

SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors.


image.php in vBulletin 3.0.9 and earlier allows

vBulletin | imagephp |

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.


Cross-site scripting (XSS) vulnerability in Sit

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.


SQL injection vulnerability in admin/index.php

admin/indexphp | ActiveCampaign | authentication | vulnerability | attackers | arbitrary | Broadcast | injection | username | commands | execute | control | 1-2-All | bypass | allows | remote | admin | panel | Email | field | SQL | via |

SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.


The Popular URL capability (popularurls.cpp) in

capability | Popular | URL |

The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.


functions.php in Ragnarok Online Control Panel

functionsphp | Ragnarok | Control | Online | Panel |

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.


Cross-site scripting (XSS) vulnerability in for

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.


Multiple SQL injection vulnerabilities in the a

vulnerabilities | unspecified | arbitrary | attackers | injection | commands | Multiple | vectors | execute | PHPEcho | remote | before | panel | admin | allow | SQL | CMS | via |

Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.


Software vulnerabilities results 1 to 20 of 79     
Page: 1234