EUVD-2005-0648

Malware in sbrugna...

EUVD-2005-0647

Malware in sbrugna...

EUVD-2005-0486

Malware in sbrugna...

PANews 2.0 - Remote PHP Script Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'adminsetup.php...

PaNews 2.0 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12576/info PaNews is reportedly affected by a cross-site scripting vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. As a result of this vulnerability, it is possible...

CVE-2005-0646

SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysqlprefix parameter...

CVE-2005-0647

adminsetup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the 1 $formcomments or 2 $formautoapprove parameters, which are written to config.php...

paNews 2.0.4b Multiple Input Validation Vulnerabilities

The remote host is running a version of paNews that suffers from the following vulnerabilities: - SQL Injection Issue in the 'login' method of includes/auth.php. A remote attacker can leverage this vulnerability to add users with arbitrary privileges. - Local Script Injection Vulnerability in...

paNews 2.0b4 Remote Admin Creation SQL Injection Exploit

No description provided by source. / paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for create a new user with admin privileges on paNews software system. References: packetstormsecurity.org/0503-exploits/panews.txt coded by: Silentium of Anacron Group Italy date: 04/03/2005 e-mail...

paNews 2.0b4 - Remote Admin Creation SQL Injection

/ paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for create a new user with admin privileges on paNews software system. References: packetstormsecurity.org/0503-exploits/panews.txt coded by: Silentium of Anacron Group Italy date: 04/03/2005 e-mail: anacrongroupitalyatautisticidotor...

paNews 2.0b4 - Remote Admin Creation SQL Injection

paNews 2.0b4 - Remote Admin Creation SQL Injection / paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for create a new user with admin privileges on paNews software system. References: packetstormsecurity.org/0503-exploits/panews.txt coded by: Silentium of Anacron Group Italy date:...

paNews 2.0b4 Remote Admin Creation SQL Injection Exploit

Exploit for unknown platform in category web applications ======================================================== paNews 2.0b4 Remote Admin Creation SQL Injection Exploit ======================================================== / paNews v2.0b4 silePNEWSxpl This exploit utilize SQL injection for...

CVE-2005-0646

SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysqlprefix parameter...

CVE-2005-0647

The CVE-2005-0647 entry concerns paNews 2.0.4b. Vulnerability: in admin_setup.php, remote attackers can inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. This is a local script injection affecting paNews’s configuration fi...

CVE-2005-0647

adminsetup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the 1 $formcomments or 2 $formautoapprove parameters, which are written to config.php...

CVE-2005-0646

CVE-2005-0646 affects paNews 2.0.4b; SQL injection via includes/auth.php using the mysql_prefix parameter allows remote attackers to execute arbitrary SQL. The NVD entry lists a base score of 7.5 (HIGH) with network access and no authentication required; impact is partial confidentiality, integri...

paNews Detection

The remote host is running paNews, a news management application written in PHP. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid17253; scriptversion"1.18"; scriptsetattributeattribute:"pluginmodificationdate",...

panews.txt

===================================================== paNews 2.0b4: SQL Injection and remote code execution ===================================================== FraMe - frame at kernelpanik.org http://www.kernelpanik.org ===================================================== paNews es un script...

paNews20b4.txt

PersianHacker.NET 200505-06 paNews v2.0b4 XSS Vulnerability Date: 2005 February Bug Number: 06 paNews is a news management script to use on your site. Users can use paCode, special code designed to allow the adding of images and font changes in the posts without allowing users to use HTML to post...

paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection

The remote host is running a version of paNews that fails to properly sanitize input passed to the script 'includes/adminsetup.php' and, in addition, allows writes by the web user to the directory 'includes' not the default configuration. Taken together, these flaws allow a remote attacker to run...