Lucene search
K

66 matches found

exploitpack
exploitpack
added 2005/03/01 12:0 a.m.21 views

PHPNews 1.2.31.2.4 - auth.php Remote File Inclusion

PHPNews 1.2.31.2.4 - auth.php Remote File Inclusion source: https://www.securityfocus.com/bid/12696/info It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. This issue...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2005/03/01 12:0 a.m.19 views

PHPNews 1.2.3/1.2.4 - 'auth.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/12696/info It is reported that PHPNews is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input. This issue reportedly affects PHPNews version 1.2.4, previous...

7.4AI score
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.20 views

CVE-2004-2474

SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php...

7.5CVSS8.4AI score0.01211EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2004/12/11 12:0 a.m.26 views

phpnews.txt

SQL Injection vulnerability in PHPNews 11/25/2004 Description: A vulnerability has been reported in PHPNews, which can be exploited by malicious people to conduct SQL injection attacks Input passed to the "mid" parameter in "sendtofriendphp" is not properly sanitised before being used in a SQL...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/11/30 12:0 a.m.36 views

PHPNews sendtofriend.php 'mid' Parameter SQLi

The PHPNews application running on the remote web server is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'mid' parameter tin the sendtofriend.php script. A remote attacker can exploit this to inject arbitrary SQL commands. %NASLMINLEVEL 70300 ...

7.5CVSS6.1AI score0.01211EPSS
Exploits0References1
securityvulns
securityvulns
added 2004/11/24 12:0 a.m.19 views

[SA13300] PHPNews "mid" Parameter SQL Injection Vulnerability

TITLE: PHPNews "mid" Parameter SQL Injection Vulnerability SECUNIA ADVISORY ID: SA13300 VERIFY ADVISORY: http://secunia.com/advisories/13300/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: PHPNews 1.x http://secunia.com/product/4313/ DESCRIPTION: A...

1.4AI score
Exploits0
Rows per page
Query Builder