24 matches found
EUVD-2016-10858
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...
CVE-2016-20052
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snewsfiles directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by...
CVE-2016-20052
CVE-2016-20052 affects Snews CMS 1.7 and describes an unrestricted file upload vulnerability exploitable by unauthenticated attackers. The issue allows uploading arbitrary files—including PHP executables—to the snews_files directory via the multipart form-data upload endpoint. Attackers can then ...
CVE-2016-20051 Snews CMS 1.7 Cross-Site Request Forgery via changeup
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...
PT-2026-30349
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...
PT-2026-30350
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by...
sNews 1.7.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title : Snews CMS Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link :...
sNews CMS 1.7 Cross Site Request Forgery
Exploit Title : Snews CMS Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version :...
sNews CMS 1.7 Shell Upload
Exploit Title : Snews CMS upload sheller Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 04/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version : 1.7latest 3...
sNews 1.7.1 - Arbitrary File Upload
sNews 1.7.1 - Arbitrary File Upload Exploit Title : Snews CMS upload sheller Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 04/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link :...
sNews 1.7.1 - Cross-Site Request Forgery
sNews 1.7.1 - Cross-Site Request Forgery Exploit Title : Snews CMS Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link :...
sNews 1.7.1 - Arbitrary File Upload
Exploit Title : Snews CMS upload sheller Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 04/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version : 1.7latest 3...
sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...
sNews CMS 1.7.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent Remote Command Execution Cross Site Request Forgeries CSR...
sNews CMS 1.7.1 - Multiple Vulnerabilities
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...
CMS snews SQL injection and fix-vulnerability warning-the black bar safety net
Title: CMS snews SQL Injection Vulnerability Author: By onestree Download address : http://snewscms.com/ Test platform : ubuntu 12.10 / win 7 Keywords: inurl:"tanyakan pada rumput yang bergoyang" SQL poc: http://www.2cto.com /snews/snews. php? act=shownews&id=SQL Example...
CMS snews - SQL Injection
CMS snews - SQL Injection / | / \ / / \ / /\ \ / / \ | \ / \ \ | | | | /\ /\ / /|| /\ | | || \ \ / / / / / Exploit Title : CMS snews SQL Injection Vulnerability Author : By onestree Software Link : http://snewscms.com/ tested : ubuntu 12.10 / win 7 Dork : inurl:"tanyakan pada rumput yang...
Snews CMS SQL Injection
/ | / \ / / \ / /\ \ / / \ | \ / \ \ | | | | /\ /\ / /|| /\ | | || \ \ / / / / / Exploit Title : CMS snews SQL Injection Vulnerability Author : By onestree Software Link : http://snewscms.com/ tested : ubuntu 12.10 / win 7 Dork : inurl:"tanyakan pada rumput yang bergoyang" SQL poc:...
sNews v1.7.1 - File Upload Vulnerability
Document Title: =============== sNews v1.7.1 - File Upload Vulnerability Release Date: ============= 2011-07-11 Vulnerability Laboratory ID VL-ID: ==================================== 142 Product & Service Introduction: =============================== sNews is a completely free, standards...
sNews v1.7.1 - File Upload Vulnerability
Document Title: =============== sNews v1.7.1 - File Upload Vulnerability Release Date: ============= 2011-07-11 Vulnerability Laboratory ID VL-ID: ==================================== 142 Product & Service Introduction: =============================== sNews is a completely free, standards...