21 matches found
EUVD-2006-0731
Malware in sbrugna...
EUVD-2006-0729
Malware in sbrugna...
EUVD-2006-0730
Malware in sbrugna...
CVE-2006-4823
CVE-2006-4823 is a PHP remote file inclusion vulnerability in the Reamday Enterprises Magic News Pro 1.0.3 and earlier . The flaw allows an attacker to execute arbitrary PHP code via a URL supplied in the script_path parameter, enabling remote code execution. The connected NVD entries confirm the...
EV0072.txt
New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...
[eVuln] Magic News Lite PHP Code Execution & Unauthorized Data Modification
New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...
[eVuln] Magic Downloads Unauthorized Data Modification
New eVuln Advisory: Magic Downloads Unauthorized Data Modification http://evuln.com/vulns/73/summary.html --------------------Summary---------------- eVuln ID: EV0073 CVE: CVE-2006-0722 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Downloads Sowtware's Web...
EV0073.txt
New eVuln Advisory: Magic Downloads Unauthorized Data Modification http://evuln.com/vulns/73/summary.html --------------------Summary---------------- eVuln ID: EV0073 CVE: CVE-2006-0722 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Downloads Sowtware's Web...
[eVuln] Magic Calendar Lite Authentication Bypass
New eVuln Advisory: Magic Calendar Lite Authentication Bypass http://evuln.com/vulns/71/summary.html --------------------Summary---------------- eVuln ID: EV0071 CVE: CVE-2006-0673 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Calendar Lite Sowtware's Web...
Remote file inclusion
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the phpscriptpath parameter...
Authentication flaw
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are not...
CVE-2006-0724
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are not...
CVE-2006-0723
The CVE-2006-0723 entry affects Reamday Enterprises’ Magic News Lite 1.2.3. It is a PHP remote file inclusion in preview.php when register_globals is ON, allowing a remote attacker to include arbitrary files via a URL in the php_script_path parameter. The vulnerability arises from an include() ca...
CVE-2006-0724
CVE-2006-0724 affects Reamday Enterprises’ Magic News Lite 1.2.3. The vulnerability exists in profile.php where several parameters (action, passwd, admin_password, new_passwd, confirm_passwd) are not initialized when register_globals is enabled. This allows remote attackers to modify program beha...
CVE-2006-0723
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when registerglobals is enabled, allows remote attackers to include arbitrary files via a URL in the phpscriptpath parameter...
CVE-2006-0722
settings.php in Reamday Enterprises Magic Downloads 1.1.3, when registerglobals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified 1 action, 2 passwd, 3 adminpassword, 4 newpasswd, and 5 confirmpasswd variables, which are no...
CVE-2006-0722
CVE-2006-0722 affects Reamday Enterprises’ Magic Downloads 1.1.3. When register_globals is ON, the vulnerable settings.php allows remote attackers to modify program behavior via uninitialized variables (action, passwd, admin_password, new_passwd, confirm_passwd), potentially bypassing authenticat...
[SA18601] Reamday Enterprises Magic News Password Change Bypass
TITLE: Reamday Enterprises Magic News Password Change Bypass SECUNIA ADVISORY ID: SA18601 VERIFY ADVISORY: http://secunia.com/advisories/18601/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Reamday Enterprises Magic News Plus 1.x http://secunia.com/product/698...
CVE-2006-0157
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...
CVE-2006-0157
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and adminpassword parameters, then declares the new password string in the newpasswd and confirmpasswd paramete...