25 matches found
EUVD-1999-0687
Malware in sbrugna...
EUVD-2006-6257
Malware in sbrugna...
EUVD-2006-6163
Malware in sbrugna...
EUVD-2002-0521
Malware in sbrugna...
CVE-1999-0705
Buffer overflow in INN inews program...
ISC INN 2.0/2.1/2.2.x Multiple Local Format String Vulnerabilties
No description provided by source. source: http://www.securityfocus.com/bid/4501/info The Internet Software Consortium ISC Internet News INN project is a powerful, mature implementation of a usenet system, including a NNTP server and a newsreading server. It is available for a wide range of Unix...
ISC INN <= 2.2,RedHat Linux <= 6.0 inews Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/616/info INN versions 2.2 and earlier have a buffer overflow-related security condition in the inews program. inews is a program used to inject new postings into the news system. It is used by many news reading programs a...
Mandrake Linux Security Advisory : inn (MDKSA-2000:016)
A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandra...
Mandrake Linux Security Advisory : inn (MDKSA-2000:023)
A vulnerability exists when verifycancels is enabled in /etc/news/inn.conf. This vulnerability could be used to gain root access on any system with inn installed. This new version also does not install inews as setgid news or rnews as setuid root. Many other security paranoia fixes have been made...
CVE-2006-6274
SQL injection vulnerability in articles.asp in Expinion.net iNews 1 Publisher iNP 2.5 and earlier, and possibly 2 News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The origina...
CVE-2006-6274
SQL injection vulnerability in articles.asp in Expinion.net iNews 1 Publisher iNP 2.5 and earlier, and possibly 2 News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The origina...
CVE-2006-6274
SQL injection vulnerability in articles.asp in Expinion.net iNews 1 Publisher iNP 2.5 and earlier, and possibly 2 News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The origina...
CVE-2006-6180
Cross-site scripting XSS vulnerability in articles.asp in Expinion.net iNews Publisher iNP 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party...
CVE-2006-6180
Cross-site scripting XSS vulnerability in articles.asp in Expinion.net iNews Publisher iNP 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party...
CVE-2006-6180
CVE-2006-6180 is a reflected cross-site scripting vulnerability in articles.asp of Expinion.net iNews Publisher (iNP) 2.5 and earlier, triggered by the hl parameter. Root cause: improper sanitization of user input allowing arbitrary script/HTML injection. Impact: partial confidentiality, integrit...
aria-inews.txt
Aria-Security Team Advisory Original Advisory: http://www.aria-security.com/forum/showthread.php?t=40 ----------------------- ------------------------------------ Software: iNews News Manager Method: SQL Injection PoC: http://target/path/articles.asp?ex=XSS Contact: [email protected]...
[Aria-Security Team] iNews News Manager SQL Injection
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=40 ----------------------- ------------------------------------ Software: iNews News Manager Method: SQL Injection PoC:...
CVE-2002-0526
Vulnerability in 1 inews or 2 rnews for INN 2.2.3 and earlier, related to insecure open calls...
CVE-2002-0525
The CVE-2002-0525 entry corresponds to a format string vulnerability in INN components (inews or rnews) affecting INN 2.2.3 and earlier. The underlying issue is format string specifiers in NNTP (NTTP) responses, which could allow a local user or a remote malicious NNTP server to gain privileges. ...
CVE-2002-0526
CVE-2002-0526 describes a vulnerability in the INN components (1) inews or (2) rnews for INN versions 2.2.3 and earlier, caused by insecure open() calls. The NVD metrics indicate a LOCAL attack with LOW complexity and no authentication, and potential COMPLETE impact on confidentiality, integrity,...