7 matches found
CVE-2001-1526
The CVE-2001-1526 entry describes a Cross-site scripting (XSS) vulnerability in the comments action of index.php in easyNews 1.5 and earlier . The issue allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. Several connected records (Red Hat CVE, NVD, CVE List, CV...
CVE-2001-1527
The CVE affects easyNews 1.5 and earlier, where administration passwords are stored in cleartext in the file settings.php. This enables local users to obtain passwords and gain access due to improper password storage. The provided documents do not specify a vendor patch or remediation steps; no e...
CVE-2001-1525
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter...
CVE-2001-1527
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access...
CVE-2001-1525
The CVE-2001-1525 vulnerability affects easyNews 1.5 and earlier, where the comments action is vulnerable to directory traversal. An attacker can modify files such as news.dat and template.dat by supplying a ".." in the cid parameter, indicating a path traversal through the comments functionality...
CVE-2001-1437
Technical details about CVE-2001-1437 are not publicly available in the provided documents; monitor for updates.
easynews 1.5 let's remote users modify database
Hey, that's my first submission so don't expect anything spectacular. There are a few bugs in Easynews 1.5: Short Description: Easynews 1.5 - database and templates remotly modifieable, cross site scripting, local users gain admin pass, and stuff : Found by: markus [email protected] Vendor...