29 matches found
EUVD-2005-2169
Malware in sbrugna...
EUVD-2005-2168
Malware in sbrugna...
EUVD-2005-2167
Malware in sbrugna...
CVE-2005-2168
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...
CVE-2005-2167
Cross-site scripting XSS vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter...
Trellix 2024 Threat Predictions
Trellix 2024 Threat Predictions By Trellix · October 30, 2023 Introduction This last year we have seen upheaval across the cybersecurity landscape. The need for effective, worldwide threat intelligence continues to grow as geopolitical and economic developments create an increasingly complicated...
Plague Inc. - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Plague Inc. published at the 'play' market has multiple vulnerabilities...
Invaders Inc. - Plague FREE - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Invaders Inc. - Plague FREE published at the 'play' market has multiple vulnerabilities...
Plague News System 0.7 CID Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An attacker may leverag...
Plague News System 0.7 Delete.PHP Access Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14139/info Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script. A remote attacker...
Plague News System 0.7 CID Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14136/info Plague News System is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. Other attacks may be possible dependi...
Passcode Bypass Bug and Email Attachment Encryption Plague iOS 7.1.1
Another iPhone passcode bypass is making the rounds this week that reportedly allows users to trick Siri into skirting around the device’s usual lockscreen to view, edit and call any of the phone’s contacts. The flaw apparently affects the most recent iOS build, 7.1.1 and allows the bypass of bot...
CVE-2005-2166
CVE-2005-2166 targets Plague News System (version 0.6 and earlier). The vulnerability is a SQL injection in index.php via the cid parameter, enabling remote attackers to execute arbitrary SQL commands. Connected PT-2005-3098 notes affected versions and confirms no publicly known fix in newer vers...
CVE-2005-2167
Plague News System vulnerable to cross-site scripting (XSS) in index.php via the cid parameter for versions 0.6 and earlier. Exploitation could inject arbitrary script/HTML into pages viewed by other users; impact is partial confidentiality/integrity (per CVSS details). No exploit code is provide...
CVE-2005-2168
Plague News System 0.6 and earlier is affected. The delete.php file allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter, due to an insufficient authorization/authentication check in delete.php. Impact is unauthorized content deletion....
CVE-2005-2166
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2005-2166
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2005-2167
Cross-site scripting XSS vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter...
CVE-2005-2168
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...
PT-2005-3098 · Plague · Plague News System
Name of the Vulnerable Software and Affected Versions: Plague News System versions 0.6 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cid parameter in the "index.php" endpoint. Recommendations: For Plague News System versions...