37 matches found
EUVD-2006-4230
Malware in sbrugna...
EUVD-2007-6267
Malware in sbrugna...
EUVD-2006-3383
Malware in sbrugna...
Fusion News 1.0 (fil_config) - Remote File Inclusion (RFI)
No description provided by source...
FusionPHP Fusion News 3.3/3.6 Administrator Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This...
Fusionphp Fusion News 3.6.1 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication...
Fusion News 3.3 Unauthorized Account Addition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. Successful exploitation of this error may allow a user to...
FusionPHP Fusion News 3.7 Index.PHP Remote File Include Vulnerability
No description provided by source...
CVE-2007-6300
Cross-site request forgery CSRF vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors...
CVE-2007-6300
Cross-site request forgery CSRF vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors...
CVE-2007-6300
The CVE-2007-6300 entry describes a Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0. Affected software: Fusion News 3.9.0 (web application). What is vulnerable: CSRF vulnerability that could allow remote attackers to perform unauthorized actions via unspecified vectors. Conse...
FusionPHP Fusion News Index.PHP远程文件包含漏洞
Fusion News是一款基于PHP的新闻管理程序。 Fusion News不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Fusionphp Fusion News 3.7 http://www.fusionphp.net/index.php?cat=fnews&page=features !/usr/bin/perl Aria-Security.net Advisory Discovered by: OUTLAW...
CVE-2006-4240
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter...
CVE-2006-4240
The CVE-2006-4240 entry describes a PHP remote file inclusion in Fusion News 3.7 (index.php) that allows an attacker to execute arbitrary PHP code via a URL parameter fpath. This is the core vulnerability and the affected component is Fusion News 3.7, specifically the index.php file handling fpat...
Fusionphp Fusion News 3.7 - index.php Remote File Inclusion
Fusionphp Fusion News 3.7 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/19546/info Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote...
Fusionphp Fusion News 3.7 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19546/info Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
CVE-2006-3387
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence in the filconfig parameter, which can be used to execute PHP code that has been injected into a log file...
CVE-2006-3387
CVE-2006-3387 describes a directory traversal vulnerability in Fusion News 1.0. When register_globals is enabled, an attacker can manipulate the fil_config parameter in sources/post.php using a .. sequence to include arbitrary files. This can allow an attacker to execute PHP code that has been in...
CVE-2006-3387
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence in the filconfig parameter, which can be used to execute PHP code that has been injected into a log file...