gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
admin/login.php in DM FileManager 3.9.2 allows remote attackers to bypass authentication and gain administrative access by setting the (1) USER, (2) GROUPID, (3) GROUP, and (4) USERID cookies to certain values.
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request.
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1.
admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies.
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions for sub-albums via a ZIP archive.
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown vectors.
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header.
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) templates/ including (2) templates/deluxe/admincp/, (3) templates/corporate/admincp/, and (4) templates/blue/admincp/; (5) images/; (6) logs/ including (7) logs/cp.php; (8) wysiwyg/; (9) docs/; (10) classes/; (11) lang/; and (12) settings/.
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
PowerUpload 2.4 allows remote attackers to bypass authentication and gain administrative access via a MIME encoded value of admin for the myadminname cookie.
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request.
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information.
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter.
Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.
admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.
zFeeder 1.6 allows remote attackers to gain administrative access via a direct request to admin.php.
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "positive model," which allows remote attackers to bypass certain protection mechanisms via a %0A (encoded newline), as demonstrated by a %0A in a cross-site scripting (XSS) attack URL.
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file parameter.
Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1.2 allows remote attackers to gain administrative privileges via unknown vectors.
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.