Lucene search
K

53 matches found

CVE
CVE
added 2007/10/06 8:0 p.m.35 views

CVE-2004-2690

CVE-2004-2690 concerns an unrestricted file upload vulnerability in the NewsPHP Administration Panel. The issue permits remote authenticated administrators to upload and execute arbitrary code instead of video files, indicating a flaw in how uploaded content is validated and handled by the panel....

8.5CVSS7.7AI score0.02395EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/07/06 8:5 p.m.13 views

CVE-2006-3359

Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the 1 words, 2 id, 3 topmenuitem, and 4 catid parameters in a index.php; and the 5 category parameter in b inc/rssfeed.php...

7.5CVSS7.5AI score0.01102EPSS
Exploits0References5
NVD
NVD
added 2006/07/06 8:5 p.m.18 views

CVE-2006-3358

Multiple cross-site scripting XSS vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the 1 words, 2 id, 3 catid, and 4 tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of...

6.8CVSS6.5AI score0.01617EPSS
Exploits0References8
Cvelist
Cvelist
added 2006/07/06 8:0 p.m.17 views

CVE-2006-3359

Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the 1 words, 2 id, 3 topmenuitem, and 4 catid parameters in a index.php; and the 5 category parameter in b inc/rssfeed.php...

7.5AI score0.01102EPSS
Exploits0References5
CVE
CVE
added 2006/07/06 8:0 p.m.40 views

CVE-2006-3359

CVE-2006-3359 affects NewsPHP 2006 PRO, with multiple SQL injection flaws in index.php (parameters: words, id, topmenuitem, cat_id) and in inc/rss_feed.php (category). Attackers could inject arbitrary scripts via these parameters. Public records (NVD/CVELIST) describe the vulnerability and impact...

7.5CVSS7.9AI score0.01102EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/07/06 8:0 p.m.49 views

CVE-2006-3358

CVE-2006-3358 describes multiple cross-site scripting (XSS) vulnerabilities in NewsPHP 2006 PRO, exploitable via the (1) words, (2) id, (3) cat_id, and (4) tim parameters in index.php. These inputs are returned in an error page without proper sanitization, enabling injection of arbitrary script/H...

6.8CVSS6.6AI score0.01617EPSS
Exploits0References8Affected Software1
securityvulns
securityvulns
added 2006/07/02 12:0 a.m.51 views

NewsPHP 2006 PRO XSS SQL injection Vulnerability

http://newsphp.com ------------------ Cross Site Scripting XSS ------------------ http://target.xx/?words=3Cscript3Ealert/Ellipsis20Security20Test/3C/script3E&where=1 http://target.xx/index.php?id=3Cscript3Ealert22Ellipsis20Security20Test223C/script3E...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2006/07/02 12:0 a.m.25 views

newsphpXSS.txt

http://newsphp.com ------------------ Cross Site Scripting XSS ------------------ http://target.xx/?words=%3Cscript%3Ealert/Ellipsis%20Security%20Test/%3C/script%3E&where=1 http://target.xx/index.php?id=%3Cscript%3Ealert%22Ellipsis%20Security%20Test%22%3C/script%3E...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/06/29 12:0 a.m.15 views

newsPHP 2006 PRO - index.php Multiple SQL Injections

newsPHP 2006 PRO - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2006/06/29 12:0 a.m.11 views

newsPHP 2006 PRO - index.php Multiple Cross-Site Scripting Vulnerabilities

newsPHP 2006 PRO - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due t...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2006/06/29 12:0 a.m.11 views

newsPHP 2006 PRO - incrss_feed.php?category SQL Injection

newsPHP 2006 PRO - incrssfeed.php?category SQL Injection source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/29 12:0 a.m.22 views

newsPHP 2006 PRO - 'index.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/29 12:0 a.m.28 views

newsPHP 2006 PRO - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/29 12:0 a.m.28 views

newsPHP 2006 PRO - '/inc/rss_feed.php?category' SQL Injection

source: https://www.securityfocus.com/bid/18726/info NewsPHP 2006 PRO is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/04/30 12:0 a.m.30 views

NewsPHP <= All (news.php?include) Multiple Remote File Inclusion Vulnerabilities.

NewsPHP = All news.php?include Multiple Remote File Inclusion Vulnerabilities. Credit : WiLdBoY Exp Link : http://root-security.t35.com/Exploit.pl Thanx Security.nnuv.ru ; -- Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox...

1AI score
Exploits0
securityvulns
securityvulns
added 2006/01/26 12:0 a.m.32 views

Newsphp Multiple SQL Injection Vulnerabilities

Software: NewsPHP Web Site: http://www.newsphp.com Versions: All Type: Multiple SQL Injection Class: Remote Exploit : 1- http://www.target.com/index.php?discuss=SQL 2- http://www.target.com/index.php?tim=SQL 3- http://www.target.com/index.php?id=SQL 4-...

0.1AI score
Exploits0
NVD
NVD
added 2006/01/25 11:3 a.m.9 views

CVE-2006-0413

Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the 1 discuss, 2 tim, 3 id, 4 last, and 5 limit parameter...

7.5CVSS8.5AI score0.01222EPSS
Exploits1References6
Prion
Prion
added 2006/01/25 11:3 a.m.15 views

Sql injection

Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the 1 discuss, 2 tim, 3 id, 4 last, and 5 limit parameter...

7.5CVSS9.3AI score0.01222EPSS
Exploits1References6
CVE
CVE
added 2006/01/25 11:0 a.m.36 views

CVE-2006-0413

NewsPHP is affected by multiple SQL injection vulnerabilities in index.php, exploitable via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameters. Remote attackers could execute arbitrary SQL commands due to unsafely constructed inputs in these parameters. The available documents d...

7.5CVSS8.5AI score0.01222EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/01/25 11:0 a.m.16 views

CVE-2006-0413

Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the 1 discuss, 2 tim, 3 id, 4 last, and 5 limit parameter...

8.5AI score0.01222EPSS
Exploits1References6
Rows per page
Query Builder