31 matches found
EUVD-2020-26719
Malware in sbrugna...
EUVD-2006-3656
Malware in sbrugna...
EUVD-2005-2395
Malware in sbrugna...
EUVD-2005-3591
Malware in sbrugna...
EUVD-2005-2394
Malware in sbrugna...
CVE-2020-5557
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CuteNews 1.3 Comment HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10750/info CutePHP is reported prone to an HTML injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts are not...
CuteNews 0.88 comments.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include path for several...
CuteNews 1.4.1 search.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17850/info CuteNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues to have...
CuteNews 1.4.6 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.1.1 (html.php) Remote Code Execution Vulnerability
No description provided by source. ---- CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru Strawberry CuteNews Remote Code Execution Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ &nbs...
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5
waraxe-2007-SA060 - Sensitive info disclosure in CuteNews = 1.4.5 ===================================================================== Author: Janek Vind "waraxe" Date: 24. December 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-60.html Vulnerable software description: Cute new...
CVE-2006-1925
Directory traversal vulnerability in the editnews module inc/editnews.mdu in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the 1 editnews or 2 doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist...
CVE-2005-3507
CVE-2005-3507 affects CuteNews 1.4.1. The vulnerability is a directory traversal in the template parameter for show_archives.php and show_news.php, allowing remote attackers to include arbitrary files and potentially execute PHP code via "../" sequences. OpenVAS NASL cites privilege escalation/re...
CuteNews 1.4.1 - show_archives.php Traversal Arbitrary File Access
CuteNews 1.4.1 - showarchives.php Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15295/info CuteNews is affected by a directory traversal vulnerability. An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' throug...
CuteNews 1.4.1 - 'show_archives.php' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15295/info CuteNews is affected by a directory traversal vulnerability. An unauthorized attacker can retrieve or upload arbitrary files by supplying directory traversal strings '../' through an affected URI parameter. Exploitation of this vulnerability...
CVE-2005-1876
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...
CVE-2005-0645
Cross-site scripting XSS vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the 1 CLIENT-IP or 2 X-FORWARDED-FOR header in an HTTP POST request to shownews.php...
CVE-2004-2615
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact...
CuteNews index.php mod Parameter XSS
The version of CuteNews installed on the remote host is vulnerable to a cross-site scripting XSS attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within...