FusionPHP Fusion News 3.3/3.6 X-ForwordedFor PHP Script Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This may facilitate unauthorized access. ...

FusionPHP Fusion News Index.PHP远程文件包含漏洞

Fusion News是一款基于PHP的新闻管理程序。 Fusion News不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是脚本对用户提交的WEB参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Fusionphp Fusion News 3.7 http://www.fusionphp.net/index.php?cat=fnews&page=features !/usr/bin/perl Aria-Security.net Advisory Discovered by: OUTLAW...

FusionPHP.txt

Advisory 8 Title: FusionPHP Multiple Vulnerabilities Author: 0ozeuso0 Contact: [email protected] Website: www.elitemexico.org Date: 01/03/2006 Risk: High Vendor Url: http://fusionphp.net/forums/ Affected Software: FusionPHP Non Affected: We Are: olimpus klan team Info:...

[Full-disclosure] FusionPHP Multiple Vulnerabilities

Advisory 8 Title: FusionPHP Multiple Vulnerabilities Author: 0ozeuso0 Contact: [email protected] Website: www.elitemexico.org Date: 01/03/2006 Risk: High Vendor Url: http://fusionphp.net/forums/ Affected Software: FusionPHP Non Affected: We Are: olimpus klan team Info:...

Fusion News Yet Another Unauthorized Account Addition Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Product: Fusion News vendor: FusionPHP fusionphp.net Affected Versions: 3.6.1 and lower Description: A widely used news management system Vulnerabilities: Unauthorized Account Addition Vulnerability Date: July 29, 2004 Vuln Finder: r3d5pik...