16 matches found
EUVD-2006-1818
Malware in sbrugna...
EUVD-2006-6978
Malware in sbrugna...
EUVD-2006-1817
Malware in sbrugna...
CVE-2006-6996
Multiple cross-site scripting XSS vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the 1 title and 2 newspost parameters to a newsadd.php, and the 3 name, title, and 4 comment parameters to b news.php, a different set of vectors than...
CVE-2006-6996
CVE-2006-6996 concerns multiple XSS flaws in warforge.NEWS 1.0. The vulnerabilities allow remote attackers to inject arbitrary HTML or web script via parameters in two parts of the app: (a) newsadd.php (title and newspost) and (b) news.php (name, title, and comment). This is a separate vector set...
CVE-2006-6996
Multiple cross-site scripting XSS vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the 1 title and 2 newspost parameters to a newsadd.php, and the 3 name, title, and 4 comment parameters to b news.php, a different set of vectors than...
warforge.NEWS
warforge.NEWS exploit i've paste it on: http://forum.zone-h.org/viewtopic.php?t=5468 ------------------------------------------------------------------------ ------------------------------------------------------------------ - warforge.NEWS =1.00 Multiple Vulnerabilities - -=...
[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities
New eVuln Advisory: warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities http://evuln.com/vulns/125/summary.html --------------------Summary---------------- eVuln ID: EV0125 CVE: CVE-2006-1817 CVE-2006-1818 Software: warforge.NEWS Sowtware's Web Site: http://www.thewarforge.com/ Versions:...
[SA19697] warforge.NEWS Multiple Vulnerabilities
TITLE: warforge.NEWS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19697 VERIFY ADVISORY: http://secunia.com/advisories/19697/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote REVISION: 1.1 originally posted 2006-04-19 SOFTWARE: warforge.NEWS 1...
Sql injection
SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the 1 authusername and possibly the 2 authpassword cookie...
CVE-2006-1817
SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the 1 authusername and possibly the 2 authpassword cookie...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the 1 firstname and 2 lastname parameter in myaccounts.php. NOTE: portions of these details were obtained from third par...
CVE-2006-1818
Multiple cross-site scripting XSS vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the 1 firstname and 2 lastname parameter in myaccounts.php. NOTE: portions of these details were obtained from third par...
CVE-2006-1817
CVE-2006-1817 affects warforge.NEWS 1.0, where authcheck.php is vulnerable to SQL injection via cookies (authusername, possibly authpassword) when magic_quotes_gpc is off. This is a remote vulnerability with a LOW base score (2.6/10) and potential partial integrity impact. Exploitation details ar...
CVE-2006-1818
CVE-2006-1818 affects warforge.NEWS 1.0 with multiple XSS vectors. The description notes remote attackers can inject arbitrary web script or HTML via unspecified vectors, possibly including first_name and last_name in myaccounts.php. This entry is supported by NVD and related records showing XSS ...
CVE-2006-1817
SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the 1 authusername and possibly the 2 authpassword cookie...