EUVD-2008-1302

Malware in sbrugna...

EUVD-2007-2366

Malware in sbrugna...

EUVD-2002-1866

Malware in sbrugna...

EUVD-2007-2367

Malware in sbrugna...

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit

No description provided by source...

phpMyNewsletter <= 0.8b5 (archives.php msg_id) SQL Injection Exploit

...

phpMyNewsLetter 0.6.10 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI paramter of the 'customize.php' script. This may allow an attacker ...

phpMyNewsletter 0.8 Cross Site Scripting

HTTPCS Advisory : HTTPCS116 Product : phpMyNewsletter Version : v0.8 Page : /admin/?page=subscribers Variables : page=VulnHTTPCS Type : XSS Method : POST Description : A vulnerability has been discovered in phpMyNewsletter, which can be exploited by malicious people to conduct cross-site scriptin...

phpmynewsletter-sql.txt

!/usr/bin/php Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c =...

Sql injection

SQL injection vulnerability in archives.php in Gregory Kokanosky aka Greg's Place phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter...

CVE-2008-1295

SQL injection vulnerability in archives.php in Gregory Kokanosky aka Greg's Place phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter...

CVE-2008-1295

CVE-2008-1295 impacts phpMyNewsletter 0.8 beta 5 and earlier, where archives.php is vulnerable to SQL injection via the msg_id parameter. This allows remote attackers to potentially execute arbitrary SQL commands. The connected documents confirm the vulnerability description and existence of expl...

CVE-2008-1295

SQL injection vulnerability in archives.php in Gregory Kokanosky aka Greg's Place phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter...

phpMyNewsletter &lt;= 0.8b5 (archives.php msg_id) SQL Injection Exploit

No description provided by source. !/usr/bin/php ?php / Name: PHPMyNewsletter = 0.8b5 SQL Injection Credits: Charles "real" F. charlesfolathotmail.fr Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter =...

phpMyNewsletter <= 0.8b5 (archives.php msg_id) SQL Injection Exploit

Exploit for unknown platform in category web applications ==================================================================== phpMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c = get$url."archives.php?msgid='%20UNION%20SELECT%201,1,adminemail,adminpass%20%20FROM%20pmnlconfig%2f%2a&listid=1";...

phpMyNewsletter 0.8b5 - msg_id SQL Injection

phpMyNewsletter 0.8b5 - msgid SQL Injection !/usr/bin/php Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c =...

phpMyNewsletter 0.8b5 - &#039;msg_id&#039; SQL Injection

!/usr/bin/php Date: 03-10-08 Conditions: magicquotesgpc=Off This exploit gets adminpass and adminemail from pmnlconfig. / print "\n"; print " PHPMyNewsletter \n\n"; if$argc\n"; $url = $argv1; $c =...

Code injection

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service loss of configuration data, and possibly perform direct static code injection, via a saveGlobalconfig...

Design/Logic Flaw

admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...

CVE-2007-2372

admin/sendmod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and listid fields; and send...