37 matches found
EUVD-2006-4230
Malware in sbrugna...
EUVD-2007-6267
Malware in sbrugna...
EUVD-2006-3383
Malware in sbrugna...
Fusion News 1.0 (fil_config) - Remote File Inclusion (RFI)
No description provided by source...
Fusion News 3.3 Unauthorized Account Addition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. Successful exploitation of this error may allow a user to...
Fusionphp Fusion News 3.6.1 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication...
FusionPHP Fusion News 3.7 Index.PHP Remote File Include Vulnerability
No description provided by source...
FusionPHP Fusion News 3.3/3.6 Administrator Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This...
CVE-2007-6300
Cross-site request forgery CSRF vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors...
CVE-2007-6300
The CVE-2007-6300 entry describes a Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0. Affected software: Fusion News 3.9.0 (web application). What is vulnerable: CSRF vulnerability that could allow remote attackers to perform unauthorized actions via unspecified vectors. Conse...
CVE-2007-6300
Cross-site request forgery CSRF vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors...
FusionPHP Fusion News Index.PHP远程文件包含漏洞
Fusion News是一款基于PHP的新闻管理程序。 Fusion News不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Fusionphp Fusion News 3.7 http://www.fusionphp.net/index.php?cat=fnews&page=features !/usr/bin/perl Aria-Security.net Advisory Discovered by: OUTLAW...
CVE-2006-4240
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter...
CVE-2006-4240
The CVE-2006-4240 entry describes a PHP remote file inclusion in Fusion News 3.7 (index.php) that allows an attacker to execute arbitrary PHP code via a URL parameter fpath. This is the core vulnerability and the affected component is Fusion News 3.7, specifically the index.php file handling fpat...
Fusionphp Fusion News 3.7 - index.php Remote File Inclusion
Fusionphp Fusion News 3.7 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/19546/info Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote...
Fusionphp Fusion News 3.7 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19546/info Fusion News is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
CVE-2006-3387
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence in the filconfig parameter, which can be used to execute PHP code that has been injected into a log file...
CVE-2006-3387
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence in the filconfig parameter, which can be used to execute PHP code that has been injected into a log file...
CVE-2006-3387
CVE-2006-3387 describes a directory traversal vulnerability in Fusion News 1.0. When register_globals is enabled, an attacker can manipulate the fil_config parameter in sources/post.php using a .. sequence to include arbitrary files. This can allow an attacker to execute PHP code that has been in...