8 matches found
EUVD-2008-7019
Malware in sbrugna...
EUVD-2008-7018
Malware in sbrugna...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the 1 title or 2 content parameters in a news item to add.php, and the 3 itemnum, 4 author, or 5 comment parameters in a comment to index.php. NOTE: vectors 1 an...
Sql injection
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter...
CVE-2008-7060
Multiple cross-site scripting XSS vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the 1 title or 2 content parameters in a news item to add.php, and the 3 itemnum, 4 author, or 5 comment parameters in a comment to index.php. NOTE: vectors 1 an...
CVE-2008-7059
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter...
CVE-2008-7060
CVE-2008-7060 concerns One-News Beta 2 and involves multiple cross-site scripting (XSS) vulnerabilities. The XSS can be triggered via the title or content fields of a news item (add.php) and via itemnum, author, or comment fields of a comment (index.php). Vectors 1 and 2 require user authenticati...
CVE-2008-7059
CVE-2008-7059 describes an SQL injection vulnerability in the index.php of One-News Beta 2, exploitable via the q parameter. This allows remote attackers to execute arbitrary SQL commands. The issue is classified with a CVSS v2 base score of 7.5 (HIGH) with network access, low complexity, and no ...