412 matches found
CVE-2006-4794
Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...
CVE-2006-4673
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the SERVERREMOTEADDR parameter to news.php...
CVE-2006-4647
PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter...
PHP-Fusion 6.0.x - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/19908/info PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Sponge News <= v2.2 (sndir) Remote File Inclusion Exploit
============================================================================================== Sponge News = v2.2 sndir Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...
Sponge News <= 2.2 (sndir) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ============================================================ Sponge News = 2.2 sndir Remote File Include Vulnerability ============================================================...
Sponge News 2.2 - 'sndir' Remote File Inclusion
============================================================================================== Sponge News = v2.2 sndir Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...
CVE-2006-4285
The CVE-2006-4285 vulnerability affects the Fantastic News web app (versions 2.1.3 and earlier; 2.1.5 also reported) where news.php processes CONFIG[script_path]. This enables a PHP remote file inclusion when an attacker supplies a crafted URL, allowing remote code execution on the server. The NV...
Fantastic News <= 2.1.3 (script_path) Remote File Include Vulnerability
No description provided by source. ============================================================================================== Fantastic News = v2.1.3 CONFIGscriptpath Remote File Inclusion Exploit ===============================================================================================...
CVE-2006-4141
SQL injection vulnerability in news.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 sortby and 2 sortorder parameters...
CVE-2006-4141
SQL injection vulnerability in news.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 sortby and 2 sortorder parameters...
CVE-2006-4141
CVE-2006-4141 affects Virtual War (VWar) prior to 1.5.0, specifically the news.php module. It exposes a SQL injection vulnerability exploitable via the sortby and sortorder parameters, allowing remote attackers to execute arbitrary SQL commands. The CVE entry notes a base score of 7.5 (HIGH) with...
MiniBB Forum <= 1.5a Remote File Include (news.php)
Title : MiniBB Forum = 1.5a Remote File Include news.php Discovered By AG-Spider ----------------------------------------------------------------------------- Affected software description : Application : MiniBB Forum 1.5a news.phpversion : version 1.5 exploit :Remote File Include...
FreeHost "misc.php & news.php" SQL Injection
================================ Discovered By: CrAzY CrAcKeR ================================ Example:- /FreeHost/misc.php?readme=SQL /FreeHost/news.php?index=SQL Search:- Powered By FreeHost ================================ Email:[email protected]...
Sql injection
SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...
CVE-2006-2721
Cross-site scripting XSS vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection...
Cross site scripting
Cross-site scripting XSS vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection...
CVE-2006-2720
SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...
CVE-2006-2720
SQL injection in VARIOMAT's news.php (parameter subcat) allows remote attackers to execute arbitrary SQL commands. CVE-2006-2720; impacted: VARIOMAT news.php. Risk: CVSS v2 base score 7.5 (HIGH). No remediation details provided in the supplied documents.
CVE-2006-2720
SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...