22 matches found
EUVD-2007-1139
Malware in sbrugna...
EUVD-2006-0165
Malware in sbrugna...
EUVD-2007-1138
Malware in sbrugna...
Reamday Enterprises Magic News Plus 1.0.2 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37566/info Magic News Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in t...
Magic News Plus <= 1.0.3 Admin Pass Change Exploit
No description provided by source. !/usr/bin/perl Magic News Plus =1.0.3 Admin Pass Change Exploit Copyright c 2006 cijfer [email protected] All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password...
Magic News Plus 1.0.2 preview.php php_script_path Parameter Remote File Inclusion
No description provided by source...
Reamday Enterprises Magic News Plus 1.0.2 - Cross-Site Scripting
Reamday Enterprises Magic News Plus 1.0.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/37566/info Magic News Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
CVE-2007-1142
Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...
CVE-2007-1142
Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...
Cross site scripting
Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...
CVE-2007-1141
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...
Remote file inclusion
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...
CVE-2007-1142
Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...
CVE-2007-1141
The CVE-2007-1141 issue concerns Magic News Plus 1.0.2, where a PHP remote file inclusion vulnerability exists in preview.php. The root cause is the php_script_path parameter allowing an attacker-controlled URL to be included, enabling arbitrary PHP code execution on the server. This aligns with ...
CVE-2007-1142
CVE-2007-1142 affects Magic News Plus 1.0.2. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the link_parameters parameter in the files (1) news.php and (2) n_layouts.php, allowing remote attackers to inject arbitrary web script or HTML. The provided sources identify the af...
CVE-2007-1141
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...
[SA18601] Reamday Enterprises Magic News Password Change Bypass
TITLE: Reamday Enterprises Magic News Password Change Bypass SECUNIA ADVISORY ID: SA18601 VERIFY ADVISORY: http://secunia.com/advisories/18601/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Reamday Enterprises Magic News Plus 1.x http://secunia.com/product/698...
CVE-2006-0157
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...
CVE-2006-0157
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...
CVE-2006-0157
The connected documents confirm a concrete vulnerability in Reamday Enterprises Magic News Plus 1.0.3: settings.php contains a flaw that lets remote attackers change the administrator password. The attack is performed via a change action that supplies identical values for passwd and admin_passwor...