5 matches found
CVE-2001-1526
Cross-site scripting XSS vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter...
EUVD-2001-1503
Malware in sbrugna...
CVE-2001-1525
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter...
Sql injection
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edpHelpInternalNews action...
EasyNews 1.5 - NewsDatabaseTemplate Modification
EasyNews 1.5 - NewsDatabaseTemplate Modification source: https://www.securityfocus.com/bid/3643/info EasyNews is a free, open-source script for displaying news stories on a website. EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. A...