EUVD-2006-6804

Malware in sbrugna...

Malicious code in enews (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 455047e17152ce661e1611aecff299b20099e60990c7ae4f64beda90ec307799 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8761 Malicious code in enews (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 455047e17152ce661e1611aecff299b20099e60990c7ae4f64beda90ec307799 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cross site request forgery (csrf)

EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339...

CVE-2018-18449

EmpireCMS 7.5 is affected by a CSRF vulnerability that allows adding a user account via enews=AddUser on e/admin/user/ListUser.php (and related mentions in CVE records). The NVD entry for CVE-2018-18449 lists CVSS v2 base score 6.8 (MEDIUM) and CVSS v3 base score 8.8 (HIGH) with network attack ve...

Code injection

Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file...

eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability

No description provided by source. eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net...

eNews 0.1 - delete.php Arbitrary Delete Post

eNews 0.1 - delete.php Arbitrary Delete Post eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net...

eNews 0.1 - 'delete.php' Arbitrary Delete Post

eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net ---------------------------------------------------------------- //poc: if...

enews-delete.txt

eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author: iLker Kandemir MEFISTO Script download : http://www.hotscripts.com/Detailed/81086.html script demo : http://emvvy.com/demos/enews/ site : www.dumenci.net ---------------------------------------------------------------- //poc: if...

eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability

Exploit for unknown platform in category web applications ========================================================== eNews 0.1 delete.php Arbitrary Delete Post Vulnerability ========================================================== eNews 0.1 delete.php Arbitrary Delete Post Vulnerability Author:...

CVE-2006-6821

myprofile.asp in Enthrallweb eNews does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...

CVE-2006-6821

The CVE concerns Enthrallweb eNews: myprofile.asp fails to validate MM_recordId during profile updates, allowing remote authenticated users to change certain fields of another account by supplying that account’s username in MM_recordId. No remediation details are provided in the supplied documents.

CVE-2006-6821

myprofile.asp in Enthrallweb eNews does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...

Enthrallweb eNews 1.0 - Remote User Pass Change

User Id: PASSWORD: FIRST: LAST:...

Enthrallweb eNews 1.0 Remote User Pass Change Exploit

No description provided by source. form action="target/classifieds/myprofile.asp" method="POST" name="form2" User Id: input type="text" name="MMrecordId" value="1" p/p table align="center" cellpadding="1" cellspacing="1" tr valign="baseline" td align="right" nowrap class="title"strongfont...

Enthrallweb eNews 1.0 Remote User Pass Change Exploit

Exploit for unknown platform in category web applications ===================================================== Enthrallweb eNews 1.0 Remote User Pass Change Exploit ===================================================== User Id: PASSWORD: FIRST: LAST:/fo...