25 matches found
EUVD-2005-2167
Malware in sbrugna...
EUVD-2005-2168
Malware in sbrugna...
EUVD-2005-2169
Malware in sbrugna...
CVE-2005-2168
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...
CVE-2005-2167
Cross-site scripting XSS vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter...
Plague News System 0.7 CID Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14136/info Plague News System is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. Other attacks may be possible dependi...
Plague News System 0.7 Delete.PHP Access Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14139/info Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script. A remote attacker...
Plague News System 0.7 CID Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An attacker may leverag...
CVE-2005-2166
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2005-2168
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...
CVE-2005-2166
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2005-2168
Plague News System 0.6 and earlier is affected. The delete.php file allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter, due to an insufficient authorization/authentication check in delete.php. Impact is unauthorized content deletion....
CVE-2005-2166
CVE-2005-2166 targets Plague News System (version 0.6 and earlier). The vulnerability is a SQL injection in index.php via the cid parameter, enabling remote attackers to execute arbitrary SQL commands. Connected PT-2005-3098 notes affected versions and confirms no publicly known fix in newer vers...
CVE-2005-2167
Cross-site scripting XSS vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter...
CVE-2005-2167
Plague News System vulnerable to cross-site scripting (XSS) in index.php via the cid parameter for versions 0.6 and earlier. Exploitation could inject arbitrary script/HTML into pages viewed by other users; impact is partial confidentiality/integrity (per CVSS details). No exploit code is provide...
PT-2005-3100 · Plague · Plague News System
Name of the Vulnerable Software and Affected Versions: Plague News System versions 0.6 and earlier Description: The issue allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter in the delete.php file. Recommendations: For Plague News...
PT-2005-3098 · Plague · Plague News System
Name of the Vulnerable Software and Affected Versions: Plague News System versions 0.6 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cid parameter in the "index.php" endpoint. Recommendations: For Plague News System versions...
PT-2005-3099 · Plague · Plague News System
Name of the Vulnerable Software and Affected Versions: Plague News System versions 0.6 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the cid parameter in the "index.php" file...
[SA15902] Plague News System SQL Injection and Security Bypass Vulnerabilities
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Plague News System 0.7 - delete.php Access Restriction Bypass
Plague News System 0.7 - delete.php Access Restriction Bypass source: https://www.securityfocus.com/bid/14139/info Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to th...