27 matches found
CVE-2026-44515
Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL via the web interface or the API. In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or...
CVE-2009-4785
SQL injection vulnerability in the Quick News comquicknews component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewitem action to index.php...
EUVD-2003-0582
Malware in sbrugna...
EUVD-2002-2025
Malware in sbrugna...
CVE-2024-45558
creationtimestamp| type| source ---|---|--- 2025-01-06 11:16:12+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2z2ry2ww22 2025-01-06 11:16:12+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2z2ry2ww22 2025-01-06 11:42:02+00:00| seen|...
CVE-2024-28095
News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users...
traunsee.news Cross Site Scripting vulnerability OBB-1486168
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17361)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9. The...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
Magic snow enterprises website system 1.0 injection vulnerabilities-vulnerability warning-the black bar safety net
Magic snow corporate website source to have news, group overview, industrial systems, human resources, investment resources, feedback, contact us section. Backstage news dynamic management, enterprise information management, industry management system, human resources management, investment...
Ypninc Realty Classifieds Cross Site Scripting
Author: Andrea Bocchetti Homepage : http://www.geekit.it Software Info Name : Ypninc Realty Classifieds Vendor : http://fsbo.ypninc.com/ x Xss local news local news field is potentially exploitable XSS Demo exploit : http://fsbo.ypninc.com/localnews.php Author: Andrea Bocchetti Homepage :...
CVE-2008-4622
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1...
x-news 1.1 Password Disclosure Vulnerability
x-news 1.1 Password Disclosure Vulnerability Affected Software: x-news 1.1 x-news Website: http://xqus.com Bugfounder: bd0rk Website: www.soh-crew.it.tt Contact: bd0rkathackermail.com Greetings: str0ke, Perle, TheJT, ajann +Exploit: http://target/xnewspath/news/db/users.txt Showexample:...
EUVD-2006-5085
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS aka webnews 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WNBASEDIR parameter...
Web-News 1.6.3 - 'template.php' Remote File Inclusion
ToXiC BuG FounD by Drago84 Application Affect: WebNews Source Code: http://prdownloads.sourceforge.net/web-news/WebNews-1.6.3.zip?usemirror=superb-west Problem: Solution : Declare $contentpage Page Vulnerable : template.php Exempe Of ExPloit is:...
cnews101.txt
C-News v 1.0.1 Multiple Remote File Include Vulnerabilities ; Discovred By : ThELeO ; Software : C-News v 1.0.1 ; Exploit : http://Www.Example.Com/Script/affichage/pagination.php?path=U r Evil Script ; http://Www.Example.Com/Script/affichage/formulairecommentaires.php?path=U r Evil Script Greetz ...
WM-News 0.5 - 'print.php' Local File Inclusion
source: https://www.securityfocus.com/bid/19968/info WM-News is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also...
ACGV News 0.9.1 - 'header.php' Remote File Inclusion
ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- ACGV News v0.9.1 - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=1420 Script : ACGV News v0.9.1 Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, Blackened,...
Sponge News <= 2.2 (sndir) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ============================================================ Sponge News = 2.2 sndir Remote File Include Vulnerability ============================================================...
Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution
source: https://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This issue permits a remote attacker to...