Lucene search
+L

412 matches found

cve
cve
added 2006/06/01 1:0 a.m.56 views

CVE-2006-2721

CVE-2006-2721 describes a cross-site scripting (XSS) vulnerability in VARIOMAT’s news.php, exploitable via the subcat parameter. The issue is noted to possibly originate from SQL injection, but the connected documents do not provide explicit root-cause details, affected versions, or confirmed exp...

6.8CVSS6.6AI score0.0111EPSS
Exploits0References3Affected Software1
prion
prion
added 2006/05/19 11:2 p.m.14 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...

7.5CVSS8.1AI score0.04192EPSS
Exploits1References9Affected Software1
exploitpack
exploitpack
added 2006/05/17 12:0 a.m.55 views

ScozNews 1.2.1 - mainpath Remote File Inclusion

ScozNews 1.2.1 - mainpath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...

0.1AI score
Exploits0
prion
prion
added 2006/05/02 10:2 a.m.10 views

Sql injection

SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter...

7.5CVSS9.1AI score0.01339EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2006/05/02 10:2 a.m.15 views

CVE-2006-2136

SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter...

7.5CVSS8.4AI score0.01339EPSS
Exploits0References6
cve
cve
added 2006/05/02 10:0 a.m.40 views

CVE-2006-2136

CVE-2006-2136 describes an SQL injection vulnerability in the AZNEWS system, specifically in news.php where the ID parameter can be manipulated by an attacker to cause arbitrary SQL commands to execute remotely. The vulnerability is documented across multiple sources (NVD, CVE list, PRION, CVELIS...

7.5CVSS8.4AI score0.01339EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2006/05/02 10:0 a.m.24 views

CVE-2006-2136

SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter...

8.4AI score0.01339EPSS
Exploits0References6
prion
prion
added 2006/04/13 10:2 a.m.22 views

Sql injection

SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php...

6.4CVSS8.7AI score0.01111EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2006/04/13 10:0 a.m.25 views

CVE-2006-1773

SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php...

8.3AI score0.01111EPSS
Exploits1References4
cvelist
cvelist
added 2006/04/10 11:0 p.m.24 views

CVE-2006-1684

Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via 1 the lang parameter in news.php and 2 other unspecified vectors...

6.7AI score0.01055EPSS
Exploits0References1
securityvulns
securityvulns
added 2006/04/09 12:0 a.m.433 views

Virtual War File İnclusion

Virtual War File nclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File nclusion // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...

0.5AI score
Exploits0
nvd
nvd
added 2006/04/06 10:4 a.m.18 views

CVE-2006-1641

Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the 1 usern or 2 passw parameters to a cnauth.php, 3 s parameter to b news.php, or 4 a parameter to c dpost.php...

5.1CVSS8.5AI score0.02311EPSS
Exploits0References10
cve
cve
added 2006/04/02 9:0 p.m.48 views

CVE-2006-1575

QLnews 1.2 is affected by multiple XSS vulnerabilities in news.php. The issues allow remote attackers to inject arbitrary script/HTML via the autorx and newsx parameters due to inadequate input sanitization. This is documented across sources referencing CVE-2006-1575 (NVD) and eVuln materials not...

6.8CVSS5.8AI score0.01488EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2006/04/02 9:0 p.m.17 views

CVE-2006-1575

Multiple cross-site scripting XSS vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 autorx and 2 newsx parameters...

5.8AI score0.01488EPSS
Exploits0References7
prion
prion
added 2006/03/30 11:2 a.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 loginvar parameter in a admin/admin.php, and the 2 news and 3 nom parameters in b news.php...

7.5CVSS9.2AI score0.03519EPSS
Exploits0References8Affected Software1
nvd
nvd
added 2006/03/30 11:2 a.m.27 views

CVE-2006-1543

Multiple SQL injection vulnerabilities in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 loginvar parameter in a admin/admin.php, and the 2 news and 3 nom parameters in b news.php...

7.5CVSS8.5AI score0.03519EPSS
Exploits0References8
cve
cve
added 2006/03/30 11:0 a.m.47 views

CVE-2006-1544

CVE-2006-1544 affects VNews 1.2 (vscripts) with multiple XSS flaws in news.php, exploitable via parameters autorkomentarza and tresckomentarza. The vulnerability allows remote attackers to inject arbitrary script/HTML. Exploitation: PoC/Exploit available per eVuln documentation. Affected software...

4.3CVSS5.8AI score0.01342EPSS
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2006/03/18 12:0 a.m.51 views

[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities

New eVuln Advisory: NMDeluxe XSS & SQL Injection Vulnerabilities http://evuln.com/vulns/93/summary.html --------------------Summary---------------- eVuln ID: EV0093 CVE: CVE-2006-1107 CVE-2006-1108 Software: NMDeluxe Sowtware's Web Site: http://nmdeluxe.com/ Versions: 1.0.0 STABLE Critical Level:...

7.5CVSS0.7AI score0.01413EPSS
Exploits0
prion
prion
added 2006/03/09 1:6 p.m.15 views

Sql injection

SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.8AI score0.01413EPSS
Exploits0References8Affected Software1
nvd
nvd
added 2006/03/09 1:6 p.m.10 views

CVE-2006-1107

Cross-site scripting XSS vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter...

4.3CVSS5.7AI score0.01373EPSS
Exploits0References8
Rows per page
Query Builder