4 matches found
Code injection
Direct static code injection vulnerability in admin/config.php in vscripts aka Kuba Kunkiewicz VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php...
CVE-2006-1544
Multiple cross-site scripting XSS vulnerabilities in news.php in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 autorkomentarza and 2 tresckomentarza parameters...
CVE-2006-1544
Multiple cross-site scripting XSS vulnerabilities in news.php in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 autorkomentarza and 2 tresckomentarza parameters...
CVE-2006-1543
Multiple SQL injection vulnerabilities in vscripts aka Kuba Kunkiewicz VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 loginvar parameter in a admin/admin.php, and the 2 news and 3 nom parameters in b news.php...