47 matches found
EUVD-2012-1943
Malware in sbrugna...
EUVD-2013-0741
Malware in sbrugna...
EUVD-2012-4604
Malware in sbrugna...
EUVD-2012-1944
Malware in sbrugna...
EUVD-2012-1942
Malware in sbrugna...
EUVD-2020-4149
Malware in sbrugna...
CVE-2013-0730
Multiple cross-site scripting XSS vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 language parameter to application/modules/admin/controllers/LanguagesController.php or 2 user parameter to...
Sourcefabric Newscoop Code Issue Vulnerability
Sourcefabric Newscoop is a content management system. A code issue vulnerability exists in Sourcefabric Newscoop version 4.4.7. An attacker can exploit this vulnerability to execute arbitrary PHP code on the server...
CVE-2020-11807
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code and sometimes terminal commands on a server by making an avatar update and then visiting the avatar file under the /images/ path...
CVE-2020-11807
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code and sometimes terminal commands on a server by making an avatar update and then visiting the avatar file under the /images/ path...
Unrestricted file upload
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code and sometimes terminal commands on a server by making an avatar update and then visiting the avatar file under the /images/ path...
CVE-2020-11807
The CVE-2020-11807 entry concerns Sourcefabric Newscoop 4.4.7 where an authenticated user can upload a file of a dangerous type via the avatar update. The authenticated user can then access the avatar under /images/ to cause arbitrary PHP code execution (and, in some cases, terminal commands) on ...
CVE-2020-11807
Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code and sometimes terminal commands on a server by making an avatar update and then visiting the avatar file under the /images/ path...
newscoop 3.5.3 - Multiple Vulnerabilities
No description provided by source...
CVE-2013-0730
Multiple cross-site scripting XSS vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 language parameter to application/modules/admin/controllers/LanguagesController.php or 2 user parameter to...
CVE-2013-0730
Newscoop 4.x through 4.1.0 contains multiple XSS vulnerabilities that allow remote attackers to inject arbitrary scripts via two vectors: the language parameter in app/modules/admin/controllers/LanguagesController.php and the user parameter in app/modules/admin/controllers/UserController.php. The...
CVE-2013-0730
Multiple cross-site scripting XSS vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the 1 language parameter to application/modules/admin/controllers/LanguagesController.php or 2 user parameter to...
Sourcefabric Newscoop - f_email SQL Injection
Sourcefabric Newscoop - femail SQL Injection source: https://www.securityfocus.com/bid/56800/info Newscoop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Sourcefabric Newscoop - 'f_email' SQL Injection
source: https://www.securityfocus.com/bid/56800/info Newscoop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
Newscoop 4.0.2 Path Disclosure / SQL Injection
================================================================================ Vulnerable Software: Newscoop 4.0.2 Official site: sourcefabric.org Vulnerabilities: Blind SQLi & Path Disclosure Condition to exploit this vulnerability: GPC must be set OFF. Discovered by: AkaStep && KASIBOGLAN...