CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit for php platform in category web applications Exploit Title: Powie pNews 2.11 - SQL Injection / XSS Remote Vulnerabilities Date: 26/6/2012 Author: GoLdM Vendor or Software Link: http://powie.de/ Version: 2.11 Category:: SQL Injection / XSS Google dork: intext:"-- pNews 2.11 © Thomas...

7.1AI score

Exploits0

Cvelist•added 2008/09/30 6:0 p.m.•13 views

CVE-2008-4347

SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter...

8.4AI score0.00414EPSS

Exploits0References3

CVE•added 2008/09/30 6:0 p.m.•47 views

CVE-2008-4347

CVE-2008-4347 affects Powie pNews 2.03 (component: newskom.php). The vulnerability is a SQL injection via the newsid parameter, enabling remote attackers to execute arbitrary SQL commands. NVD lists a CVSS2 base score of 7.5 (HIGH) with network attack vector, low attack complexity, and no authent...

7.5CVSS8.4AI score0.00414EPSS

Exploits0References3Affected Software1

exploitpack•added 2008/09/12 12:0 a.m.•16 views

pNews 2.03 - newsid SQL Injection

pNews 2.03 - newsid SQL Injection . . | / | | \ \ | / / |\ \ \ |/ // / /\ \ / |/ \ / // | / | | / \ /|\ / / / / \ / \ / / / \ | | /\ /\ / \ | \ // est.2007 / / forum.darkc0de.com --d3hydr8 -rsauron-baltazar -sinner01 -C1c4Tr1Z - beenu ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE...

0.4AI score

Exploits0

Exploit DB•added 2008/09/12 12:0 a.m.•55 views

pNews 2.03 - 'newsid' SQL Injection

. . | / | | \ \ | / / |\ \ \ |/ // / /\ \ / |/ \ / // | / | | / \ /|\ / / / / \ / \ / / / \ | | /\ /\ / \ | \ // est.2007 / / forum.darkc0de.com --d3hydr8 -rsauron-baltazar -sinner01 -C1c4Tr1Z - beenu ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE and all darkc0de members ---...

7.4AI score

Exploits0

Packet Storm•added 2008/09/12 12:0 a.m.•19 views

pnews203-sql.txt

7.4AI score

Exploits0

0day.today•added 2008/09/12 12:0 a.m.•22 views

pNews 2.03 (newsid) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ====================================================== pNews 2.03 newsid Remote SQL Injection Vulnerability ====================================================== Title: Powie's pNews v2.03 newskom.php?newsid= Remote SQL Injection Exploit...

7.1AI score

Exploits0

Prion•added 2008/06/12 12:21 p.m.•14 views

Sql injection

SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter...

7.5CVSS9.1AI score0.00541EPSS

Exploits0References4Affected Software1

NVD•added 2008/06/12 12:21 p.m.•10 views

CVE-2008-2673

SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter...

7.5CVSS8.4AI score0.00541EPSS

Exploits0References4

Cvelist•added 2008/06/12 10:0 a.m.•17 views

CVE-2008-2673

SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter...

8.4AI score0.00541EPSS

Exploits0References4

CVE•added 2008/06/12 10:0 a.m.•36 views

CVE-2008-2673

CVE-2008-2673 describes a SQL injection vulnerability in the Powie pNews web app, affecting versions 2.08 and 2.10. When magic_quotes_gpc is disabled, the parameter shownews is vulnerable to arbitrary SQL execution by remote attackers. The vulnerability is documented with explicit affected compon...

7.5CVSS8.4AI score0.00541EPSS

Exploits0References4Affected Software1

seebug.org•added 2008/06/10 12:0 a.m.•16 views

pNews 2.08 (shownews) Remote SQL Injection Vulnerability

No description provided by source. pNews 2.08 Remote SqL nj. VuLn. OrginaL : http://biyosecurity.com & http://coderx.org Cr@zyKing / sqL L0v3r'Z Crew Co. 2008 Script Down ; http://www.powie.de/cms/filedb/file.php?id=115&filecat=&eintrag=...

7.1AI score

Exploits0

Packet Storm•added 2008/06/10 12:0 a.m.•18 views

pnews-sql.txt

pNews 2.08 Remote SqL İnj. VuLn. OrginaL : http://biyosecurity.com & http://coderx.org Cr@zyKing / sqL L0v3r'Z Crew Co. 2008 Script Down ; http://www.powie.de/cms/filedb/file.php?id=115&filecat=&eintrag=...

7.4AI score

Exploits0

exploitpack•added 2008/06/09 12:0 a.m.•12 views

pNews 2.08 - shownews SQL Injection

pNews 2.08 - shownews SQL Injection pNews 2.08 Remote SqL Ä°nj. VuLn. OrginaL : http://biyosecurity.com & http://coderx.org Cr@zyKing / sqL L0v3r'Z Crew Co. 2008 Script Down ; http://www.powie.de/cms/filedb/file.php?id=115&filecat=&eintrag=...

1AI score

Exploits0

0day.today•added 2008/06/09 12:0 a.m.•19 views

pNews 2.08 (shownews) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================== pNews 2.08 shownews Remote SQL Injection Vulnerability ======================================================== Script Down ;...

7.1AI score

Exploits0

Exploit DB•added 2008/06/09 12:0 a.m.•33 views

pNews 2.08 - 'shownews' SQL Injection

pNews 2.08 Remote SqL Ä°nj. VuLn. OrginaL : http://biyosecurity.com & http://coderx.org Cr@zyKing / sqL L0v3r'Z Crew Co. 2008 Script Down ; http://www.powie.de/cms/filedb/file.php?id=115&filecat=&eintrag=...

7AI score

Exploits0

seebug.org•added 2006/12/24 12:0 a.m.•15 views

PNews Global.PHP远程文件包含漏洞

PNews是一款基于PHP的新闻管理程序。 PNews不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。问题是由于'Global.PHP'脚本对用户提交的'nbs'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 pNews Systems pNews 1.1 http://sourceforge.net/projects/phpnews-system/ http://www.example.com/includes/global.php?nbs=shell?...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by