13 matches found
EUVD-2007-4843
Malware in sbrugna...
EUVD-2007-4844
Malware in sbrugna...
Saxon 5.4 Example.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26238/info Saxon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Saxon 5.4 Menu.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26237/info Saxon is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...
CVE-2007-4862
Cross-site scripting XSS vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the confignewsurl parameter...
Design/Logic Flaw
SAXON 5.4, with displayerrors enabled, allows remote attackers to obtain sensitive information via 1 a direct request for news.php, 2 an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in 3 admin/, 4 rss/, and 5 the ro...
CVE-2007-4862
Cross-site scripting XSS vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the confignewsurl parameter...
CVE-2007-4861
SAXON 5.4, with displayerrors enabled, allows remote attackers to obtain sensitive information via 1 a direct request for news.php, 2 an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in 3 admin/, 4 rss/, and 5 the ro...
CVE-2007-4861
SAXON 5.4 is affected by multiple path disclosure flaws when display_errors is enabled. Exploitation vectors include direct requests to news.php, improper handling of newsid in admin/edit-item.php, and other scripts under admin/, rss/, and the installation root, which reveal server paths in error...
CVE-2007-4862
CVE-2007-4862 is a documented XSS vulnerability affecting SAXON 5.4 in admin/menu.php via config[news_url]. Exploitation requires register_globals On and magic_quotes_gpc Off; the NVD/NVD-derived reports list a Medium impact (I/P) and network access with no confidentiality or availability impact,...
CVE-2007-4863
The CVE-2007-4863 entry concerns SAXON version 5.4, where a SQL injection vulnerability exists in example.php via the template parameter. The vulnerability arises when PHP magic_quotes_gpc is Off, allowing remote attackers to execute arbitrary SQL commands, potentially exposing data or altering i...
SAXON version 5.4 XSS Attack Vulnerability
netVigilance Security Advisory 54 SAXON version 5.4 XSS Attack Vulnerability Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per...
Saxon 5.4 - Example.php SQL Injection
Saxon 5.4 - Example.php SQL Injection source: https://www.securityfocus.com/bid/26238/info Saxon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...