Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2007-1139

Malware in sbrugna...

4.3CVSS6.4AI score0.01524EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-0165

Malware in sbrugna...

5CVSS6.4AI score0.02279EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-1138

Malware in sbrugna...

7.5CVSS6.4AI score0.05691EPSS
Exploits1References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Reamday Enterprises Magic News Plus 1.0.2 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37566/info Magic News Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in t...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Magic News Plus <= 1.0.3 Admin Pass Change Exploit

No description provided by source. !/usr/bin/perl Magic News Plus =1.0.3 Admin Pass Change Exploit Copyright c 2006 cijfer [email protected] All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Magic News Plus 1.0.2 preview.php php_script_path Parameter Remote File Inclusion

No description provided by source...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/01/01 12:0 a.m.12 views

Reamday Enterprises Magic News Plus 1.0.2 - Cross-Site Scripting

Reamday Enterprises Magic News Plus 1.0.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/37566/info Magic News Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

0.1AI score
Exploits0
NVD
NVD
added 2007/03/02 9:18 p.m.13 views

CVE-2007-1142

Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...

4.3CVSS5.7AI score0.01524EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.4 views

CVE-2007-1142

Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...

4.3CVSS5.8AI score0.01524EPSS
Exploits1References6
Prion
Prion
added 2007/03/02 9:18 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...

4.3CVSS6.2AI score0.01524EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.3 views

CVE-2007-1141

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...

7.5CVSS6.2AI score0.05691EPSS
Exploits2References5
Prion
Prion
added 2007/03/02 9:18 p.m.12 views

Remote file inclusion

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...

7.5CVSS7.7AI score0.05691EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2007/02/27 6:0 p.m.18 views

CVE-2007-1142

Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...

5.7AI score0.01524EPSS
Exploits1References5
CVE
CVE
added 2007/02/27 6:0 p.m.44 views

CVE-2007-1141

The CVE-2007-1141 issue concerns Magic News Plus 1.0.2, where a PHP remote file inclusion vulnerability exists in preview.php. The root cause is the php_script_path parameter allowing an attacker-controlled URL to be included, enabling arbitrary PHP code execution on the server. This aligns with ...

7.5CVSS7.5AI score0.05691EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2007/02/27 6:0 p.m.52 views

CVE-2007-1142

CVE-2007-1142 affects Magic News Plus 1.0.2. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the link_parameters parameter in the files (1) news.php and (2) n_layouts.php, allowing remote attackers to inject arbitrary web script or HTML. The provided sources identify the af...

4.3CVSS5.7AI score0.01524EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2007/02/27 6:0 p.m.22 views

CVE-2007-1141

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...

7.3AI score0.05691EPSS
Exploits1References4
securityvulns
securityvulns
added 2006/01/25 12:0 a.m.33 views

[SA18601] Reamday Enterprises Magic News Password Change Bypass

TITLE: Reamday Enterprises Magic News Password Change Bypass SECUNIA ADVISORY ID: SA18601 VERIFY ADVISORY: http://secunia.com/advisories/18601/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Reamday Enterprises Magic News Plus 1.x http://secunia.com/product/698...

0.2AI score
Exploits0
NVD
NVD
added 2006/01/10 11:3 a.m.12 views

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...

5CVSS6.8AI score0.02279EPSS
Exploits1References3
Cvelist
Cvelist
added 2006/01/10 11:0 a.m.17 views

CVE-2006-0157

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...

6.8AI score0.02279EPSS
Exploits1References3
CVE
CVE
added 2006/01/10 11:0 a.m.50 views

CVE-2006-0157

The connected documents confirm a concrete vulnerability in Reamday Enterprises Magic News Plus 1.0.3: settings.php contains a flaw that lets remote attackers change the administrator password. The attack is performed via a change action that supplies identical values for passwd and admin_passwor...

5CVSS6.8AI score0.02279EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder