44 matches found
EUVD-2005-2896
Malware in sbrugna...
Web//News 1.4 Parser.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20239/info Web//News is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containin...
Stylemotion WEB//NEWS 1.4 news.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitatio...
Stylemotion WEB//NEWS 1.4 startup.php Cookie SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitatio...
Stylemotion WEB//NEWS 1.4 print.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitatio...
Web-News <= 1.6.3 (template.php) Remote File Include Vulnerability
No description provided by source...
webnews-sql.txt
HACKATTACK Advisory 20081016WEB//NEWS SQL Injection and Cookie Manipulation Details ======= Product: WEB//NEWS Security-Risk: high Remote-Exploit: yes Vendor-URL: http://www.stylemotion.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation
HACKATTACK Advisory 20081016WEB//NEWS SQL Injection and Cookie Manipulation Details ======= Product: WEB//NEWS Security-Risk: high Remote-Exploit: yes Vendor-URL: http://www.stylemotion.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
phpwebnews 'bukutamu.php' SQL注入漏洞
BUGTRAQ ID: 30080 CNCAN ID:CNCAN-2008070702 phpwebnews是一款基于PHP的WEB应用程序。 phpwebnews不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。 问题由于'bukutamu.php'脚本对用户提交给'det'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Surat kabar phpwebnews 0.2 Surat kabar phpwebnews 0.1 目前没有解决方案提供:...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to 1 index.php, 2 news.php, or 3 feed.php...
CVE-2007-4329
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to 1 index.php, 2 news.php, or 3 feed.php...
CVE-2007-4329
CVE-2007-4329 concerns Web News 1.1, where multiple PHP remote file inclusion vulnerabilities allow an attacker to execute arbitrary PHP code by passing a URL in the config[root_ordner] parameter to one of three scripts: index.php, news.php, or feed.php. The source of the flaw is a lack of proper...
CVE-2007-4329
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter to 1 index.php, 2 news.php, or 3 feed.php...
webnews-rfi.txt
Web News 1.1 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Web News Version : 1.1 Site : http://www.mapos-scripts.de Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : Kurdish Hackers...
Web News 1.1 Remote Command Execution Vulnerability
Web News 1.1 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Web News Version : 1.1 Site : http://www.mapos-scripts.de Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : Kurdish Hackers...
CVE-2006-5100
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS aka webnews 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WNBASEDIR parameter...
CVE-2006-5100
CVE-2006-5100 affects WEB//NEWS (aka webnews) 1.4 and earlier. The vulnerability is a PHP remote file inclusion in parse/parser.php that lets an attacker supply a URL via the WN_BASEDIR parameter and cause remote PHP code execution. Affected component is the webnews parser; root cause involves in...
EUVD-2006-5085
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS aka webnews 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WNBASEDIR parameter...
CVE-2006-5100
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS aka webnews 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WNBASEDIR parameter...
CVE-2006-5053
PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the contentpage parameter...