59 matches found
EUVD-2012-5429
Malware in sbrugna...
EUVD-2009-3756
Malware in sbrugna...
EUVD-2006-1280
Malware in sbrugna...
EUVD-2009-3757
Malware in sbrugna...
EUVD-2007-2591
Malware in sbrugna...
EUVD-2013-4318
Malware in sbrugna...
EUVD-2008-5966
Malware in sbrugna...
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...
CVE-2009-3784
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2012-2724
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page...
Design/Logic Flaw
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page...
CVE-2012-2724
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page...
CVE-2012-2724
The vulnerability CVE-2012-2724 affects the Drupal Simplenews module (versions 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1). The root cause is information disclosure: when confirmation is required for new subscribers, the confirmation page reveals t...
SimpleNews <= 1.0.0 FINAL (print.php news_id) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w SimpleNews = 1.0.0 FINAL SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $newsid = $GET'newsid'; $query = SELECT FROM simplenewsarticles WHERE news...
CVE-2013-4447
Cross-site scripting XSS vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address...
Cross site scripting
Cross-site scripting XSS vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address...
CVE-2013-4447
Cross-site scripting XSS vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address...
CVE-2013-4447
The CVE-2013-4447 entry concerns a Cross‑Site Scripting (XSS) flaw in the Drupal Simplenews module API. Affected are Drupal 6.x-1.x lines prior to 6.x-1.5 and Drupal 7.x-1.x lines prior to 7.x-1.1, where an attacker could inject arbitrary scripts or HTML via an email address parameter. The vulner...
SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)
This module enables you to publish and send newsletters to lists of subscribers. The module also includes an API that other modules can use to register subscribers. The module doesn't sufficiently sanitize e-mail addresses prior to outputting. The provided forms sign-up, mass import, .. validate...
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...