21 matches found
EUVD-2006-6501
Malware in sbrugna...
EUVD-2006-6502
Malware in sbrugna...
EUVD-2006-6563
Malware in sbrugna...
ProNews 1.5 admin/change.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently...
ProNews 1.5 lire-avis.php aa Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently...
ProNews 1.5 lire-avis.php aa Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently...
CVE-2006-6580
admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2006-6580
The connected sources confirm a vulnerability in ProNews 1.5 where admin/change.php does not verify that a user is authorized to modify news items. This permits remote attackers to add or delete information within an item and potentially cause other impacts. Root cause: missing access control che...
CVE-2006-6580
admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2006-6519
SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter...
CVE-2006-6518
Multiple cross-site scripting XSS vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 pseudo, 2 email, 3 date, 4 sujet, 5 message, 6 site, and 7 lien parameters to a admin/change.php, and the 8 aa parameter to b lire-avis.php...
CVE-2006-6519
CVE-2006-6519 describes an SQL injection in the ProNews 1.5 component, specifically in the file lire-avis.php . The vulnerability is triggered via the aa parameter, allowing remote attackers to execute arbitrary SQL commands. The available documents attribute the issue to improper handling of use...
CVE-2006-6518
CVE-2006-6518 affects ProNews 1.5 and involves multiple reflected cross-site scripting (XSS) flaws. The vulnerability is triggered by unsanitized user-controllable input in several parameters: (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien to admin/change.php, and...
CVE-2006-6519
SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter...
pronews15.txt
ProNews V1.5 -------------------- Vendor site: http://www.scripthp.com/ Product: ProNews V1.5 Vulnerability: XSS & SQL Injection Vulnerability Credits: MrKaLiMaN Reported to Vendor: 01.12.06 Public disclosure: 09.12.06 Description: ------------ XSS permanent:...
ProNews V1.5 XSS & SQL Injection
ProNews V1.5 -------------------- Vendor site: http://www.scripthp.com/ Product: ProNews V1.5 Vulnerability: XSS & SQL Injection Vulnerability Credits: MrKaLiMaN Reported to Vendor: 01.12.06 Public disclosure: 09.12.06 Description: ------------ XSS permanent:...
ProNews 1.5 - lire-avis.php?aa SQL Injection
ProNews 1.5 - lire-avis.php?aa SQL Injection source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to...
ProNews 1.5 - lire-avis.php?aa Cross-Site Scripting
ProNews 1.5 - lire-avis.php?aa Cross-Site Scripting source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails...
ProNews 1.5 - adminchange.php Multiple Cross-Site Scripting Vulnerabilities
ProNews 1.5 - adminchange.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, becau...
ProNews 1.5 - 'lire-avis.php?aa' SQL Injection
source: https://www.securityfocus.com/bid/21516/info ProNews is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues, an SQL-injection issue, and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input. A...