53 matches found
CVE-2004-2690
CVE-2004-2690 concerns an unrestricted file upload vulnerability in the NewsPHP Administration Panel. The issue permits remote authenticated administrators to upload and execute arbitrary code instead of video files, indicating a flaw in how uploaded content is validated and handled by the panel....
CVE-2006-3359
Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the 1 words, 2 id, 3 topmenuitem, and 4 catid parameters in a index.php; and the 5 category parameter in b inc/rssfeed.php...
CVE-2006-3358
Multiple cross-site scripting XSS vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the 1 words, 2 id, 3 catid, and 4 tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of...
CVE-2006-3359
Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the 1 words, 2 id, 3 topmenuitem, and 4 catid parameters in a index.php; and the 5 category parameter in b inc/rssfeed.php...
CVE-2006-3359
CVE-2006-3359 affects NewsPHP 2006 PRO, with multiple SQL injection flaws in index.php (parameters: words, id, topmenuitem, cat_id) and in inc/rss_feed.php (category). Attackers could inject arbitrary scripts via these parameters. Public records (NVD/CVELIST) describe the vulnerability and impact...
CVE-2006-3358
CVE-2006-3358 describes multiple cross-site scripting (XSS) vulnerabilities in NewsPHP 2006 PRO, exploitable via the (1) words, (2) id, (3) cat_id, and (4) tim parameters in index.php. These inputs are returned in an error page without proper sanitization, enabling injection of arbitrary script/H...
NewsPHP 2006 PRO XSS SQL injection Vulnerability
http://newsphp.com ------------------ Cross Site Scripting XSS ------------------ http://target.xx/?words=3Cscript3Ealert/Ellipsis20Security20Test/3C/script3E&where=1 http://target.xx/index.php?id=3Cscript3Ealert22Ellipsis20Security20Test223C/script3E...
newsphpXSS.txt
http://newsphp.com ------------------ Cross Site Scripting XSS ------------------ http://target.xx/?words=%3Cscript%3Ealert/Ellipsis%20Security%20Test/%3C/script%3E&where=1 http://target.xx/index.php?id=%3Cscript%3Ealert%22Ellipsis%20Security%20Test%22%3C/script%3E...
newsPHP 2006 PRO - index.php Multiple SQL Injections
newsPHP 2006 PRO - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...
newsPHP 2006 PRO - index.php Multiple Cross-Site Scripting Vulnerabilities
newsPHP 2006 PRO - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due t...
newsPHP 2006 PRO - incrss_feed.php?category SQL Injection
newsPHP 2006 PRO - incrssfeed.php?category SQL Injection source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...
newsPHP 2006 PRO - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...
newsPHP 2006 PRO - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...
newsPHP 2006 PRO - '/inc/rss_feed.php?category' SQL Injection
source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...
NewsPHP <= All (news.php?include) Multiple Remote File Inclusion Vulnerabilities.
NewsPHP = All news.php?include Multiple Remote File Inclusion Vulnerabilities. Credit : WiLdBoY Exp Link : http://root-security.t35.com/Exploit.pl Thanx Security.nnuv.ru ; -- Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox...
Newsphp Multiple SQL Injection Vulnerabilities
Software: NewsPHP Web Site: http://www.newsphp.com Versions: All Type: Multiple SQL Injection Class: Remote Exploit : 1- http://www.target.com/index.php?discuss=SQL 2- http://www.target.com/index.php?tim=SQL 3- http://www.target.com/index.php?id=SQL 4-...
CVE-2006-0413
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the 1 discuss, 2 tim, 3 id, 4 last, and 5 limit parameter...
Sql injection
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the 1 discuss, 2 tim, 3 id, 4 last, and 5 limit parameter...
CVE-2006-0413
NewsPHP is affected by multiple SQL injection vulnerabilities in index.php, exploitable via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameters. Remote attackers could execute arbitrary SQL commands due to unsafely constructed inputs in these parameters. The available documents d...
CVE-2006-0413
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the 1 discuss, 2 tim, 3 id, 4 last, and 5 limit parameter...