12 matches found
EUVD-2006-0723
Malware in sbrugna...
sNews13.txt
sNews 1.3 http://snews.solucija.com -------------------------- Cross Site Scripting XSS -------------------------- POST http://target.xx:80/index.php HTTP/1.0 Accept: / Content-Type: application/x-www-form-urlencoded Host: target.xx Content-Length: 88 pojam=alert/EllipsisSecurityTest/&search=sear...
CVE-2006-0716
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the 1 category and 2 id parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field...
Sql injection
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the 1 category and 2 id parameters...
CVE-2006-0715
Cross-site scripting XSS vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field...
CVE-2006-0716
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the 1 category and 2 id parameters...
CVE-2006-0716
CVE-2006-0716: A SQL injection vulnerability in sNews 1.3—specifically in index.php—allows remote attackers to inject arbitrary SQL via the category and id parameters. The connected documents confirm the affected software (sNews 1.3) and the vulnerable component (index.php) with the underlying is...
CVE-2006-0715
Cross-site scripting XSS vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field...
CVE-2006-0715
CVE-2006-0715 concerns an XSS vulnerability in sNews 1.3, where the comment field can be exploited to inject arbitrary web script/HTML. The affected software is sNews 1.3; the vulnerability is a cross-site scripting issue via user-supplied input in comments. The connected sources confirm the desc...
CVE-2005-3853
SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 id and 2 category parameters to index.php...
sNews 1.3 SQL injection.
sNews 1.3 SQL injection. Vuln. dicovered by : r0t Date: 25 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/snews-13-sql-injection.html Vendor:http://www.solucija.com/ affected vesion:1.3 and prior Vuln. Description: Input passed to the "id" and "category" parameter in "index.php"...