Lucene search
+L

412 matches found

nvd
nvd
added 2006/09/14 9:7 p.m.29 views

CVE-2006-4794

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...

4.3CVSS5.6AI score0.0459EPSS
Exploits1References11
cvelist
cvelist
added 2006/09/11 4:0 p.m.22 views

CVE-2006-4673

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the SERVERREMOTEADDR parameter to news.php...

7.6AI score0.01146EPSS
Exploits1References7
cvelist
cvelist
added 2006/09/08 9:0 p.m.19 views

CVE-2006-4647

PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter...

7.6AI score0.03179EPSS
Exploits1References6
exploitdb
exploitdb
added 2006/09/07 12:0 a.m.22 views

PHP-Fusion 6.0.x - 'news.php' SQL Injection

source: https://www.securityfocus.com/bid/19908/info PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/09/06 12:0 a.m.41 views

Sponge News <= v2.2 (sndir) Remote File Inclusion Exploit

============================================================================================== Sponge News = v2.2 sndir Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

1.2AI score
Exploits0
zdt
zdt
added 2006/09/05 12:0 a.m.23 views

Sponge News <= 2.2 (sndir) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================ Sponge News = 2.2 sndir Remote File Include Vulnerability ============================================================...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2006/09/05 12:0 a.m.33 views

Sponge News 2.2 - &#039;sndir&#039; Remote File Inclusion

============================================================================================== Sponge News = v2.2 sndir Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

7.4AI score
Exploits0
cve
cve
added 2006/08/22 5:0 p.m.55 views

CVE-2006-4285

The CVE-2006-4285 vulnerability affects the Fantastic News web app (versions 2.1.3 and earlier; 2.1.5 also reported) where news.php processes CONFIG[script_path]. This enables a PHP remote file inclusion when an attacker supplies a crafted URL, allowing remote code execution on the server. The NV...

7.5CVSS7.9AI score0.03132EPSS
Exploits1References7Affected Software1
seebug
seebug
added 2006/08/19 12:0 a.m.26 views

Fantastic News &lt;= 2.1.3 (script_path) Remote File Include Vulnerability

No description provided by source. ============================================================================================== Fantastic News = v2.1.3 CONFIGscriptpath Remote File Inclusion Exploit ===============================================================================================...

7.1AI score
Exploits0
nvd
nvd
added 2006/08/14 11:4 p.m.18 views

CVE-2006-4141

SQL injection vulnerability in news.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 sortby and 2 sortorder parameters...

7.5CVSS8.4AI score0.01179EPSS
Exploits0References3
cvelist
cvelist
added 2006/08/14 11:0 p.m.21 views

CVE-2006-4141

SQL injection vulnerability in news.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 sortby and 2 sortorder parameters...

8.4AI score0.01179EPSS
Exploits0References3
cve
cve
added 2006/08/14 11:0 p.m.42 views

CVE-2006-4141

CVE-2006-4141 affects Virtual War (VWar) prior to 1.5.0, specifically the news.php module. It exposes a SQL injection vulnerability exploitable via the sortby and sortorder parameters, allowing remote attackers to execute arbitrary SQL commands. The CVE entry notes a base score of 7.5 (HIGH) with...

7.5CVSS8.8AI score0.01179EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.153 views

MiniBB Forum &lt;= 1.5a Remote File Include &#40;news.php&#41;

Title : MiniBB Forum = 1.5a Remote File Include news.php Discovered By AG-Spider ----------------------------------------------------------------------------- Affected software description : Application : MiniBB Forum 1.5a news.phpversion : version 1.5 exploit :Remote File Include...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/07/02 12:0 a.m.41 views

FreeHost &quot;misc.php &amp; news.php&quot; SQL Injection

================================ Discovered By: CrAzY CrAcKeR ================================ Example:- /FreeHost/misc.php?readme=SQL /FreeHost/news.php?index=SQL Search:- Powered By FreeHost ================================ Email:[email protected]...

2.2AI score
Exploits0
prion
prion
added 2006/06/01 1:2 a.m.19 views

Sql injection

SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...

7.5CVSS9.1AI score0.01201EPSS
Exploits0References3
nvd
nvd
added 2006/06/01 1:2 a.m.19 views

CVE-2006-2721

Cross-site scripting XSS vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection...

6.8CVSS6.5AI score0.0111EPSS
Exploits0References3
prion
prion
added 2006/06/01 1:2 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection...

6.8CVSS7.2AI score0.0111EPSS
Exploits0References3
nvd
nvd
added 2006/06/01 1:2 a.m.16 views

CVE-2006-2720

SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...

7.5CVSS8.4AI score0.01201EPSS
Exploits0References3
cve
cve
added 2006/06/01 1:0 a.m.50 views

CVE-2006-2720

SQL injection in VARIOMAT's news.php (parameter subcat) allows remote attackers to execute arbitrary SQL commands. CVE-2006-2720; impacted: VARIOMAT news.php. Risk: CVSS v2 base score 7.5 (HIGH). No remediation details provided in the supplied documents.

7.5CVSS8.4AI score0.01201EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2006/06/01 1:0 a.m.22 views

CVE-2006-2720

SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...

8.4AI score0.01201EPSS
Exploits0References3
Rows per page
Query Builder