46 matches found
EUVD-2022-55987
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...
CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...
CVE-2022-50966
CVE-2022-50966 affects uBidAuction 2.0.1 in the news/manage module. The vulnerability is a reflected XSS in which the filter functionality does not properly sanitize the date_created, date_from, date_to, and created_at parameters, allowing an attacker to inject malicious scripts via crafted GET r...
PT-2026-39491
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
EUVD-2008-5250
Malware in sbrugna...
EUVD-2008-6629
Malware in sbrugna...
EUVD-2008-5251
Malware in sbrugna...
NEWS-BUZZ 安全漏洞
NEWS-BUZZ is a news management system by the individual developer ANIRBAN DUTTA that allows users to publish and manage various news content. A security vulnerability exists in NEWS-BUZZ v1.0, which stems from an improper operation of the parameter delete in the file /admin/users.php, which could...
NEWS-BUZZ 安全漏洞
NEWS-BUZZ is a news management system by the individual developer ANIRBAN DUTTA that allows users to post and manage various news content. A security vulnerability exists in NEWS-BUZZ v1.0, which stems from improper manipulation of the parameter post in the file /publicposts.php, which could lead...
Cute News vulnerable to PHP code execution
Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...
EBCMS (News & Information Version) v1.8.2 Exists Arbitrary User Password Reset Vulnerability
EBCMS short for EBCMS is a modular plug-in website management system based on PHP+Mysql. EBCMS News v1.8.2 there are arbitrary user password reset vulnerability vulnerability. The vulnerability is due to the program logic checks are not strict , the attacker can remotely reset any user password...
A+ PHP Scripts News Management System 0.3 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/29912/info A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-include issues, and a cross-site scripting issue. An...
Todd Woolums ASP News Management 2.2 - SQL Injection Vulnerabiltiy
No description provided by source. |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /\ \L\ /\ /\ \ \ \ \ \ \ / /\ \L\ \ | |...
YothCMS traversal directory vulnerability-vulnerability warning-the black bar safety net
Preferably a science and technology enterprise website management systemYothCMSis a completely open source free CMS that! YothCMS by Shijiazhuang preferably science and Technology Co., Ltd. The development of a completely open source build system, mainly for enterprises to quickly build simple,...
Happy people news management system mofei_new injection exploit-vulnerability warning-the black bar safety net
Happy people news system mofeinew existSQL injectionattack vulnerability GOOGLE keywords: inurl:mofeilist. asp? id= ! Can be thrown directly. D for injectionneeds its own plus a fields: usename to guess ! mofeilogin. asp background address ! The background can capture upload Trojan Note that in t...
WB News 2.3.3 Stored Cross Site Scripting
Title: WB News Webmobo 2.3.3 Stored XSS Vendor: http://www.webmobo.org/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability44.htm Thanks: r3dm0v3 r3dm0v3atymail.com,...
wb news (webmobo) 2.3.3 - Persistent Cross-Site Scripting
Title: WB News Webmobo 2.3.3 Stored XSS Vendor: http://www.webmobo.org/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability44.htm Thanks: r3dm0v3 r3dm0v3atymail.com,...
CVE-2008-6667
A+ PHP Scripts News Management System NMS allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1...
CuteNews Detection (HTTP)
HTTP based detection of CuteNews. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.100105";...
CVE-2008-5273
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter...