CVE-2005-0646

CVE-2005-0646 affects paNews 2.0.4b; SQL injection via includes/auth.php using the mysql_prefix parameter allows remote attackers to execute arbitrary SQL. The NVD entry lists a base score of 7.5 (HIGH) with network access and no authentication required; impact is partial confidentiality, integri...

CVE-2005-0632

CVE-2005-0632 concerns PHPNews, an open‑source PHP-based news application. The vulnerability is a remote file include in the script auth.php , allowing an attacker to execute arbitrary PHP code via the path parameter on PHPNews versions 1.2.4 (and possibly 1.2.3). Root cause is a missing validati...

PHPNews auth.php path Parameter Remote File Inclusion

The remote host is running PHPNews, an open source news application written in PHP. The installed version of PHPNews has a remote file include vulnerability in the script 'auth.php'. By leveraging this flaw, a attacker can cause arbitrary PHP code to be executed on the remote host using the...

PHPNews < 1.2.5 auth.php path Parameter Remote File Inclusion

Binary data 2665.prm...

CVE-2004-0240

Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. dot dot in the shopclosedfile argument to auth.php...

Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities

Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/9563/info X-Cart has been reported to be prone to an issue that may allow remote attackers to view any web server readable files on the affected system. The issue is caused by a...