17 matches found
EUVD-2013-5480
Malware in sbrugna...
Gnew 2013.1 - Multiple Vulnerabilities
No description provided by source...
CVE-2013-7368
Multiple cross-site scripting XSS vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to 1 users/profile.php, 2 articles/index.php, or 3 admin/polls.php; 4 categoryid parameter to news/submit.php; newsid parameter to 5...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to 1 users/profile.php, 2 articles/index.php, or 3 admin/polls.php; 4 categoryid parameter to news/submit.php; newsid parameter to 5...
CVE-2013-7368
Multiple cross-site scripting XSS vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to 1 users/profile.php, 2 articles/index.php, or 3 admin/polls.php; 4 categoryid parameter to news/submit.php; newsid parameter to 5...
CVE-2013-7368
CVE-2013-7368 concerns multiple XSS vulnerabilities in Gnew 2013.1. The NVD entry states that remote attackers can inject arbitrary script/HTML via the gnew_template parameter across several pages (users/profile.php, articles/index.php, admin/polls.php; category_id for news/submit.php; news_id fo...
Sql injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter to news/send.php, 2 threadid parameter to posts/edit.php, or 3 useremail parameter to users/password.php or 4 users/register.php. NOTE: these issues were SPLIT...
CVE-2013-5640
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...
Sql injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-5640
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-5640
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-7349
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter to news/send.php, 2 threadid parameter to posts/edit.php, or 3 useremail parameter to users/password.php or 4 users/register.php. NOTE: these issues were SPLIT...
CVE-2013-5640
Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...
CVE-2013-5639
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the gnewlanguage cookie...
Directory traversal
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the gnewlanguage cookie...
CVE-2013-5639
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the gnewlanguage cookie...
CVE-2013-5639
CVE-2013-5639 is a directory traversal vulnerability in Gnew 2013.1 and earlier, where a remote attacker can read arbitrary files by exploiting the gnew_language cookie in the script at /users/login.php (directory traversal via ..). Connected sources corroborate the existence of this vulnerabilit...