EUVD-2001-0234

Malware in sbrugna...

CVE-2001-0234

NewsDaemon is affected prior to version 0.21b, where a malformed user_username parameter allows remote attackers to execute arbitrary SQL queries and gain administrative privileges on the web site. The issue enables remote access to administer NewsDaemon through the web interface. Remediation: up...

CVE-2001-0234

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed userusername parameter...

NewsDaemon does not adequately filter user input to $user_username

Overview NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. Description NewsDaemon is a PHP-based tool used to allow readers to submit and comments on news items and stories over the web. It also allows for...

CVE-2001-0234

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed userusername parameter...

NewsDaemon remote administrator access

SUMMARY ------- In all versions of NewsDaemon prior to 0.21b released 25 Jan 2001, it is possible to spoof a global variable in an HTTP request and obtain administrator access remotely. NewsDaemon is the PHP-based Web Log software that runs http://daily.daemonnews.org/ a popular news and discussi...

Дырка в NewsDaemon

Стандартная ошибка PHP-приложений, неинициализированный локальные переменные...