2 matches found
P-News p-news.php Name Field Privilege Escalation
The remote host is running the p-news bulletin board. There is a flaw in the version in use which may allow an attacker who has a 'Member' account to upgrade its privileges to administrator by supplying a malformed username. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From: "Peter...
P-News 1.16 - Administrative Account Creation
P-News 1.16 - Administrative Account Creation source: https://www.securityfocus.com/bid/7689/info A vulnerability has been reported that could enable a P-News member to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input...