PowerNews (Newsscript) 2.5.6 Local File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ================================================================= PowerNews Newsscript 2.5.6 Local File Inclusion Vulnerabilities ================================================================= Digital Security Research Group DSecRG...

PowerNews 2.5.6 - Local File Inclusion

Digital Security Research Group DSecRG Advisory DSECRG-08-014 Application: PowerNews Newsscript Versions Affected: 2.5.6 Vendor URL: http://www.powerscripts.org/ Bug: Multiple Local File Include Exploits: YES Reported: 01.02.2008 Vendor Response: none Solution: none Date of Public Advisory:...

Newsscript <= 0.5 Remote and Local File Include Vulnerability

Product : Newsscript Homepage : http://www.webmaster-journal.com Version : 0.5 Date : 12-09-2006 Vulnerability : Remote & local File Inclusion Risk : High --------------------------------------------------------------------------------------------------------- Description : Newsscript is a PHP...

CVE-2006-4767

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...

CVE-2006-4766

Directory traversal vulnerability in print.php in Stefan Ernst Newsscript aka WM-News 0.5 beta allows remote attackers to read arbitrary files via a .. dot dot in the ide parameter...

CVE-2006-4766

CVE-2006-4766 concerns a directory traversal vulnerability in the print.php script of Stefan Ernst Newsscript (aka WM-News) 0.5 beta. The issue allows remote attackers to read arbitrary files by supplying a .. path segment in the ide parameter, exposing partial confidentiality. The available refe...

CVE-2006-4768

The CVE-2006-4768 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5 beta, where the add_go.php script is vulnerable to multiple direct static code injection via the parameters (description, issue, title, var, name, keywords, note) stored in an article file. This allows remote attackers to ...

CVE-2006-4767

The CVE-2006-4767 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5beta. The described vulnerabilities are directory traversal flaws caused by improper handling of a .. sequence: (1) in modify.php with the ide parameter could allow reading arbitrary local files, and (2) in add_go.php with ...

Newsscript 0.5 - Local/Remote File Inclusion

Product : Newsscript Homepage : http://www.webmaster-journal.com Version : 0.5 Date : 12-09-2006 Vulnerability : Remote & local File Inclusion Risk : High --------------------------------------------------------------------------------------------------------- Description : Newsscript is a PHP...

Newsscript <= 0.5 Remote and Local File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================= Newsscript 2 3 27 include$filename; The second flaw is due to an input validation error in the "article.php" script that does not validate the "ide" parameter, which could be...

Newsscript version 0.5 &#40;print.php&#41; Local File Inclusion Vulnerability

Subject: --- "Newsscript version 0.5 print.php Local File Inclusion Vulnerability " Vulnerable version: --- "Newsscript version 0.5" Vendor URL: --- Emaill - [email protected] --- Website - http://webmaster-journal.com Available in: ---http://www.comscripts.com/scripts/php.wm-news.203.ht...

Newsscript &lt;= 0.5 Remote and Local File Include Vulnerability

No description provided by source. Product : Newsscript Homepage : http://www.webmaster-journal.com Version : 0.5 Date : 12-09-2006 Vulnerability : Remote & local File Inclusion Risk : High ---------------------------------------------------------------------------------------------------------...

Newsscript 0.5 - LocalRemote File Inclusion

Newsscript 0.5 - LocalRemote File Inclusion Product : Newsscript Homepage : http://www.webmaster-journal.com Version : 0.5 Date : 12-09-2006 Vulnerability : Remote & local File Inclusion Risk : High...

[SA21826] Stefan E. Newsscript Multiple Vulnerabilities

TITLE: Stefan E. Newsscript Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21826 VERIFY ADVISORY: http://secunia.com/advisories/21826/ CRITICAL: Highly critical IMPACT: Manipulation of data, Exposure of system information, Exposure of sensitive information, System access WHERE: From remote...

CVE-2006-4666

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the 1 ide parameter in a article.php; or the 2 pwfile parameter in b delete.php, c modify.php, d admin.php, or e modifygo.php...

CVE-2006-4666

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the 1 ide parameter in a article.php; or the 2 pwfile parameter in b delete.php, c modify.php, d admin.php, or e modifygo.php...

CVE-2006-4666

Multiple PHP remote file inclusion vulnerabilities affect Stefan Ernst Newsscript (aka WM-News) 0.5 beta. An attacker can cause arbitrary PHP code execution by supplying a URL in the vulnerable parameter: (1) ide in article.php, or (2) pwfile in delete.php, modify.php, admin.php, or modify_go.php...

Fuju News 1.0 Authentication Bypass / Remote SQL Injection Exploit

No description provided by source. ?php / |---==============================================================---| | /\¯\ /\¯\ | | \ \ \ \ \ \ | | / \ / \ / \ \ \ / / \ \ \ / /\ \ | | /, /\ /\ /\ \ \ \ /\ /\ \ \ \ /\ /\ \ / | | //\ \ \ / \\ \ \\ \ \ \\ \ | | // ////////...

CVE-2005-0735

newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin...

CVE-2005-0735

The CVE refers to NewsScript’s newsscript.pl CGI, where an attacker can escalate privileges remotely by sending mode=admin. Affected product: NewsScript (NewsScript.co.uk). Root cause: incomplete access validation in the CGI parameters allowing admin rights to be set via the mode parameter. Impac...