EUVD-2006-1216

Malware in sbrugna...

EUVD-2006-2034

Malware in sbrugna...

CoreNews <= 2.0.1 (userid) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=24 Usage: corenews.pl host path use IO::Socket; if@ARGV != 2 usage; else exploit; sub...

Sql injection

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 iconid and 2 userid parameters in preview.php...

CVE-2006-2032

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 iconid and 2 userid parameters in preview.php...

CVE-2006-2033

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue...

Remote file inclusion

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue...

CVE-2006-2032

The CVE-2006-2032 entry documents multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier. The vulnerable surface is in preview.php, where attacker-supplied parameters icon_id and userid can be exploited to execute arbitrary SQL commands. The issue allows remote attackers to inf...

CVE-2006-2033

CoreNews risk (CVE-2006-2033): A PHP remote file inclusion vulnerability affecting Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. This is described as a distinct vector from CVE-2006-1212. Affected: CoreNews 2.0.1 and earlie...

CVE-2006-2033

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue...

CVE-2006-2032

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 iconid and 2 userid parameters in preview.php...

[Full-disclosure] Advisory: CoreNews &lt;= 2.0.1 Multiple Remote Vulnerabilities.

--Security Report-- Advisory: CoreNews = 2.0.1 Multiple Remote Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/04/06 21:43 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: CoreNews http://www.coreslawn.de/...

CoreNews 2.0.1 - userid SQL Injection

CoreNews 2.0.1 - userid SQL Injection !/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=24 Usage: corenews.pl use IO::Socket; if@ARGV != 2 usage; else exploit; sub header...

CoreNews <= 2.0.1 (userid) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================= CoreNews use IO::Socket; if@ARGV != 2 usage; else exploit; sub header print "\n- NukedX Security Advisory Nr.2006-24\r\n"; print "- CoreNews \r\n"; print "- - Victim's host ex:...

CoreNews &lt;= 2.0.1 (userid) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=24 Usage: corenews.pl host path use IO::Socket; if@ARGV != 2 usage; else exploit; sub...

CVE-2006-1212

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which...

CVE-2006-1212

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which...

CVE-2006-1212

CVE-2006-1212 concerns Core CoreNews 2.0.1 where an issue in index.php allegedly allows remote command execution via a page parameter, possibly via a PHP remote file include vulnerability; however, source inspection could not confirm the presence of a page parameter in CoreNews 2.0.1. The connect...

CoreNews 2.0.1 Remote Command Exucetion

Webpage : www.coreslawn.de Risk : high Code : http://www.example.com/index.php?page=evilcode?&cmd=id For Patriotic Hackers Freedom For Ocalan irc.gigachat.net kurdhack...