7 matches found
EUVD-2006-1817
Malware in sbrugna...
CVE-2006-6996
Multiple cross-site scripting XSS vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the 1 title and 2 newspost parameters to a newsadd.php, and the 3 name, title, and 4 comment parameters to b news.php, a different set of vectors than...
Sql injection
SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the 1 authusername and possibly the 2 authpassword cookie...
CVE-2006-1817
SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magicquotesgpc disabled, allows remote attackers to execute arbitrary SQL commands via the 1 authusername and possibly the 2 authpassword cookie...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the 1 firstname and 2 lastname parameter in myaccounts.php. NOTE: portions of these details were obtained from third par...
CVE-2006-1818
CVE-2006-1818 affects warforge.NEWS 1.0 with multiple XSS vectors. The description notes remote attackers can inject arbitrary web script or HTML via unspecified vectors, possibly including first_name and last_name in myaccounts.php. This entry is supported by NVD and related records showing XSS ...
CVE-2006-1817
CVE-2006-1817 affects warforge.NEWS 1.0, where authcheck.php is vulnerable to SQL injection via cookies (authusername, possibly authpassword) when magic_quotes_gpc is off. This is a remote vulnerability with a LOW base score (2.6/10) and potential partial integrity impact. Exploitation details ar...