15 matches found
EUVD-2006-1755
Malware in sbrugna...
MD News 1 Admin.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow a...
MDNews.txt
SaVSaK.CoM | SpC-x - The-BeKiR | MD News 1 Version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : MD News Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx Code : $configfile = "config.php"; require $configfile; Vulnerable : http://www.victim.com/MD...
MD News 1 Version - Remote File Include Vulnerabilities
SaVSaK.CoM | SpC-x - The-BeKiR | MD News 1 Version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : MD News Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx Code : $configfile = "config.php"; require $configfile; Vulnerable : http://www.victim.com/MD...
[eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities
New eVuln Advisory: MD News Authentication Bypass and SQL Injection Vulnerabilities http://evuln.com/vulns/120/summary.html --------------------Summary---------------- eVuln ID: EV0120 Software: MD News Sowtware's Web Site: http://www.matthewdingley.co.uk/ Versions: 1 Critical Level: Moderate Typ...
CVE-2006-1756
MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area...
Authentication flaw
MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area...
Sql injection
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-1755
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-1755
MD News 1 admin.php is affected by an SQL injection in the id parameter that allows remote attackers to run arbitrary SQL. Root cause: improper handling of input leading to SQL injection. Impact: potential unauthorized data exposure or modification; exploitation is remote over the network with lo...
CVE-2006-1756
MD News 1 is affected by CVE-2006-1756: remote attackers can bypass authentication via a direct request to a script in the Administration Area. The vulnerability enables auth bypass, with CVSS v2.0 base metrics: 7.5 (HIGH) with Network attack vector, Low complexity, no user interaction. Impact de...
CVE-2006-1756
MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area...
CVE-2006-1755
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
MD News 1 - admin.php SQL Injection
MD News 1 - admin.php SQL Injection source: https://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
MD News 1 - 'admin.php' SQL Injection
source: https://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...