412 matches found
CVE-2006-2721
CVE-2006-2721 describes a cross-site scripting (XSS) vulnerability in VARIOMAT’s news.php, exploitable via the subcat parameter. The issue is noted to possibly originate from SQL injection, but the connected documents do not provide explicit root-cause details, affected versions, or confirmed exp...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...
ScozNews 1.2.1 - mainpath Remote File Inclusion
ScozNews 1.2.1 - mainpath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...
Sql injection
SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2006-2136
SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2006-2136
CVE-2006-2136 describes an SQL injection vulnerability in the AZNEWS system, specifically in news.php where the ID parameter can be manipulated by an attacker to cause arbitrary SQL commands to execute remotely. The vulnerability is documented across multiple sources (NVD, CVE list, PRION, CVELIS...
CVE-2006-2136
SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter...
Sql injection
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php...
CVE-2006-1773
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php...
CVE-2006-1684
Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via 1 the lang parameter in news.php and 2 other unspecified vectors...
Virtual War File İnclusion
Virtual War File nclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File nclusion // get functions $vwarroot = "./"; require $vwarroot . "includes/functionscommon.php"; require $vwarroot...
CVE-2006-1641
Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the 1 usern or 2 passw parameters to a cnauth.php, 3 s parameter to b news.php, or 4 a parameter to c dpost.php...
CVE-2006-1575
QLnews 1.2 is affected by multiple XSS vulnerabilities in news.php. The issues allow remote attackers to inject arbitrary script/HTML via the autorx and newsx parameters due to inadequate input sanitization. This is documented across sources referencing CVE-2006-1575 (NVD) and eVuln materials not...
CVE-2006-1575
Multiple cross-site scripting XSS vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 autorx and 2 newsx parameters...
Sql injection
Multiple SQL injection vulnerabilities in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 loginvar parameter in a admin/admin.php, and the 2 news and 3 nom parameters in b news.php...
CVE-2006-1543
Multiple SQL injection vulnerabilities in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 loginvar parameter in a admin/admin.php, and the 2 news and 3 nom parameters in b news.php...
CVE-2006-1544
CVE-2006-1544 affects VNews 1.2 (vscripts) with multiple XSS flaws in news.php, exploitable via parameters autorkomentarza and tresckomentarza. The vulnerability allows remote attackers to inject arbitrary script/HTML. Exploitation: PoC/Exploit available per eVuln documentation. Affected software...
[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities
New eVuln Advisory: NMDeluxe XSS & SQL Injection Vulnerabilities http://evuln.com/vulns/93/summary.html --------------------Summary---------------- eVuln ID: EV0093 CVE: CVE-2006-1107 CVE-2006-1108 Software: NMDeluxe Sowtware's Web Site: http://nmdeluxe.com/ Versions: 1.0.0 STABLE Critical Level:...
Sql injection
SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-1107
Cross-site scripting XSS vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter...