13 matches found
EUVD-2007-3320
Malware in sbrugna...
EUVD-2007-3321
Malware in sbrugna...
CVE-2007-3331
Cross-site request forgery CSRF vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via 1 a certain HTML form that is posted automatically by JavaScript or 2 a news post...
CVE-2007-3330
Cross-site scripting XSS vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...
Cross site scripting
Cross-site scripting XSS vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via 1 a certain HTML form that is posted automatically by JavaScript or 2 a news post...
CVE-2007-3330
Cross-site scripting XSS vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...
CVE-2007-3331
Cross-site request forgery CSRF vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via 1 a certain HTML form that is posted automatically by JavaScript or 2 a news post...
CVE-2007-3331
CVE-2007-3331 describes a cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 . The issue allows remote attackers to change the admin password through either (a) a specific HTML form auto-posted by JavaScript or (b) a crafted news post. The provided sources reiterate that CS...
CVE-2007-3330
CVE-2007-3330 describes a stored cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a news post that is stored in the news/ directory without proper sanitization. The root cause is the lack of input/outp...
CVE-2006-6866
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt...
CVE-2006-6866
This CVE concerns STphp EasyNews PRO 4.0, where sensitive data is stored under the web root with insufficient access control. The vulnerability allows remote attackers to retrieve usernames, email addresses, and password hashes via a direct request for data/users.txt. The root cause is inadequate...
CVE-2006-6866
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt...