Lucene search
K

7 matches found

CVE
CVE
added 2005/07/14 4:0 a.m.45 views

CVE-2001-1526

The CVE-2001-1526 entry describes a Cross-site scripting (XSS) vulnerability in the comments action of index.php in easyNews 1.5 and earlier . The issue allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. Several connected records (Red Hat CVE, NVD, CVE List, CV...

4.3CVSS6AI score0.00992EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2005/07/14 4:0 a.m.48 views

CVE-2001-1527

The CVE affects easyNews 1.5 and earlier, where administration passwords are stored in cleartext in the file settings.php. This enables local users to obtain passwords and gain access due to improper password storage. The provided documents do not specify a vendor patch or remediation steps; no e...

2.1CVSS6.8AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.22 views

CVE-2001-1525

Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter...

6.7AI score0.02513EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.29 views

CVE-2001-1527

easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access...

6.4AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2005/07/14 4:0 a.m.49 views

CVE-2001-1525

The CVE-2001-1525 vulnerability affects easyNews 1.5 and earlier, where the comments action is vulnerable to directory traversal. An attacker can modify files such as news.dat and template.dat by supplying a ".." in the cid parameter, indicating a path traversal through the comments functionality...

5CVSS7.1AI score0.02513EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2005/04/21 4:0 a.m.45 views

CVE-2001-1437

Technical details about CVE-2001-1437 are not publicly available in the provided documents; monitor for updates.

7.5CVSS7AI score0.02115EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2001/12/03 12:0 a.m.37 views

easynews 1.5 let's remote users modify database

Hey, that's my first submission so don't expect anything spectacular. There are a few bugs in Easynews 1.5: Short Description: Easynews 1.5 - database and templates remotly modifieable, cross site scripting, local users gain admin pass, and stuff : Found by: markus [email protected] Vendor...

0.3AI score
Exploits0
Rows per page
Query Builder