16 matches found
EUVD-2002-2298
Malware in sbrugna...
EUVD-2002-2297
Malware in sbrugna...
CVE-2002-2319
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the 1 LOGIN, 2 DATA, and 3 MESS parameters, which are inserted into news.php3...
CVE-2002-2320
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3...
MySimpleNews 1.0 - Remotely Readable Administrator Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5866/info MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator password. The administrator...
MySimpleNews 1.0 PHP Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file...
CVE-2002-2319
CVE-2002-2319 affects MySimpleNews: a static code injection vulnerability in users.php allows remote attackers to inject arbitrary PHP code and HTML via the LOGIN, DATA, and MESS parameters, which are inserted into news.php3. This indicates input handling flaws that enable arbitrary code executio...
CVE-2002-2320
CVE-2002-2320 affects MySimpleNews 1.0. The vulnerability permits a remote attacker to delete arbitrary email messages via a direct request to vider.php3. The connected Red Hat and CVE listings repeat the same description, but the provided documents do not specify the root cause beyond this endpo...
CVE-2002-2319
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the 1 LOGIN, 2 DATA, and 3 MESS parameters, which are inserted into news.php3...
CVE-2002-2320
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3...
CVE-2002-2320
MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3...
CVE-2002-2319
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the 1 LOGIN, 2 DATA, and 3 MESS parameters, which are inserted into news.php3...
MySimpleNews 1.0 - PHP Injection
MySimpleNews 1.0 - PHP Injection source: https://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file...
MySimpleNews 1.0 - PHP Injection
source: https://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file news.php3. The injected code may then be...
MySimpleNews 1.0 - Remote Readable Administrator Password
source: https://www.securityfocus.com/bid/5866/info MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator password. The administrator password can be found in the HTML...
MySimpleNews 1.0 - Remote Readable Administrator Password
MySimpleNews 1.0 - Remote Readable Administrator Password source: https://www.securityfocus.com/bid/5866/info MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator...