11 matches found
EUVD-2008-1651
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edppupublish action...
Directory traversal
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter...
CVE-2008-1650
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edpHelpInternalNews action...
CVE-2008-1651
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter...
CVE-2008-1650
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edpHelpInternalNews action...
CVE-2008-1649
Cross-site scripting XSS vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edppupublish action...
CVE-2008-1651
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter...
CVE-2008-1651
EasyNews 4.0 admin/login.php is affected by a directory traversal vulnerability. An attacker can supply a ".." in the lang parameter to include and execute local files, enabling remote code execution. CVSS v2 base score 7.5 (HIGH); network access, no authentication, partial impact on confidential...
CVE-2008-1650
CVE-2008-1650 describes an SQL injection in EasyNews 4.0. The vulnerability exists in dynamicpages/index.php where the read parameter in the edp_Help_Internal_News action can be manipulated to execute arbitrary SQL commands. The exploitation is described as a remote, network-based vector with no ...
CVE-2008-1649
CVE-2008-1649 is an XSS vulnerability in EasyNews 4.0 (staticpages/easypublish/index.php) that allows remote attackers to inject arbitrary script via the read parameter in an edp_pupublish action. Affected component is the easypublish read handling; impact per reported data is partial integrity. ...