20 matches found
CVE-2010-5065
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action...
CVE-2025-23395
creationtimestamp | type | source
---|---|---
2025-05-12 17:00:00+00:00 | seen | https://security.opensuse.org/2025/05/12/screen-security-issues.html3b-tty-hijacking-while-attaching-to-a-multi-user-session-cve-2025-46802
2025-05-12 17:24:36+00:00 | seen | ...
CVE-2024-12373
creationtimestamp | type | source
---|---|---
2024-12-17 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-03
2024-12-18 17:52:43+00:00 | seen | https://t.me/cvedetector/13210
2024-12-20 14:17:25+00:00 | seen | https://bsky.app/profile/hackingne.ws/post/3ldqlb62lf62g...
CVE-2024-56012
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation. This issue affects Flash News / Post (Responsive): from n/a through <= 4.1...
WordPress plugin Flash News / Post (Responsive) cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Flash News / Post (Responsive) plugin <= 4.1 - CSRF to Privilege Escalation vulnerability
CSRF to Privilege Escalation vulnerability discovered by Mika (Patchstack Alliance) in WordPress Plugin Flash News / Post (Responsive) versions <= 4.1...
SUSE CVE-2003-0855
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address...
starearlycollege.org XSS vulnerability
Vulnerable URL: http://starearlycollege.org/apps/news/shownews.jsp?RECID=426987=0=News Post CIA Internship - High School Seniors Scholarship Program - STAR Early College School
Details:
Description | Value
---|---
Patched: | Yes, at 15.10.2017
Latest check for patch: | 15.10.2017 22:31 GMT...
CVE-2010-5065
The CVE-2010-5065 entry concerns Virtual War (aka VWar) version 1.6.1 R2. A vulnerability in popup.php allows remote attackers to bypass intended member restrictions and read news posts by manipulating the newsid parameter in a printnews action. The issue enables unauthorized access to restricted...
CVE-2007-5834
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post...
CVE-2007-3330
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...
Cross site scripting
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...
CVE-2007-3331
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post...
CVE-2007-3330
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...
CVE-2005-2074
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) newsbody, (2) articledescription, or (3) articlebody parameters to submit.php...
CVE-2003-0855
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address...
CVE-2003-0855
Pan (GNOME/GTK+ newsreader) 0.13.3 and earlier is affected by CVE-2003-0855: parsing an article header with a very long author email can cause a remote denial of service (crash). The issue is addressed in Pan 0.13.4 and later; advisories (e.g., RHSA-2003:312) recommend upgrading to patched packag...
Drupal 4.0 - News Message HTML Injection
Drupal 4.0 - News Message HTML Injection source: https://www.securityfocus.com/bid/5801/info Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client. Drupal fails to sufficiently filter potentially malicious HTML code from news posts. As a result, when...
DaCode 1.2 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...
phpWebSite 0.8.3 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that...