21 matches found
EUVD-2002-2025
Malware in sbrugna...
Directory traversal
Directory traversal vulnerability in archives.php in Xpression News X-News 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. dot dot in the xnews-template parameter...
CVE-2007-1040
Directory traversal vulnerability in archives.php in Xpression News X-News 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. dot dot in the xnews-template parameter...
Directory traversal
Directory traversal vulnerability in news.php in Xpression News X-News 1.0.1, when magicquotesgpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. dot dot in the xnews-template parameter. NOTE: the provenance of this information is unknown;...
CVE-2007-1040
Directory traversal vulnerability in archives.php in Xpression News X-News 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. dot dot in the xnews-template parameter...
CVE-2007-1040
Xpression News (X-News) 1.0.1 is affected by a directory traversal in archives.php. The xnews-template parameter accepts a .. path traversal, enabling remote attackers to include arbitrary files or view sensitive information. The vulnerability is confirmed in CVE-2007-1040 and is documented with...
CVE-2007-1042
Directory traversal vulnerability in news.php in Xpression News X-News 1.0.1, when magicquotesgpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. dot dot in the xnews-template parameter. NOTE: the provenance of this information is unknown;...
CVE-2007-1042
CVE-2007-1042 affects Xpression News (X-News) 1.0.1. A directory traversal vulnerability in news.php allows remote attackers to include arbitrary files or read sensitive information via the xnews-template parameter when magic_quotes_gpc is disabled. The underlying issue is path traversal (dot-dot...
x-news 1.1 (users.txt) Remote Password Disclosure Vulnerability
No description provided by source. x-news 1.1 Password Disclosure Vulnerability Affected Software: x-news 1.1 x-news Website: http://xqus.com Bugfounder: bd0rk Website: www.soh-crew.it.tt Contact: bd0rkathackermail.com Greetings: str0ke, Perle, TheJT, ajann +Exploit:...
x-news 1.1 Password Disclosure Vulnerability
x-news 1.1 Password Disclosure Vulnerability Affected Software: x-news 1.1 x-news Website: http://xqus.com Bugfounder: bd0rk Website: www.soh-crew.it.tt Contact: bd0rkathackermail.com Greetings: str0ke, Perle, TheJT, ajann +Exploit: http://target/xnewspath/news/db/users.txt Showexample:...
x-news 1.1 (users.txt) Remote Password Disclosure Vulnerability
Exploit for unknown platform in category web applications =============================================================== x-news 1.1 users.txt Remote Password Disclosure Vulnerability =============================================================== Affected Software: x-news 1.1 x-news Website:...
x-news 1.1 - users.txt Remote Password Disclosure
x-news 1.1 - users.txt Remote Password Disclosure x-news 1.1 Password Disclosure Vulnerability Affected Software: x-news 1.1 x-news Website: http://xqus.com Bugfounder: bd0rk Website: www.soh-crew.it.tt Contact: bd0rkathackermail.com Greetings: str0ke, Perle, TheJT, ajann +Exploit:...
x-news 1.1 - 'users.txt' Remote Password Disclosure
x-news 1.1 Password Disclosure Vulnerability Affected Software: x-news 1.1 x-news Website: http://xqus.com Bugfounder: bd0rk Website: www.soh-crew.it.tt Contact: bd0rkathackermail.com Greetings: str0ke, Perle, TheJT, ajann +Exploit: http://target/xnewspath/news/db/users.txt Showexample:...
X-News '/db/users.txt' Information Disclosure Vulnerability
X-News is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2004 Audun Larsen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2002-2046
xnews.php in X-News xnews 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5password cookie...
CVE-2002-2046
CVE-2002-2046 affects X-News (x_news) 1.1 and earlier. The flaw allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with network attack vector, low attack complexity, and no authenticati...
CVE-2002-1656
CVE-2002-1656 affects X-News (x_news) 1.1 and earlier, a PHP-based news management system that stores user IDs and MD5 password hashes in a world-readable file (db/users.txt). The vulnerability enables an attacker to authenticate as other users by obtaining a password hash (e.g., via sniffing or ...
CVE-2002-1656
X-News xnews 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie...
X-News Password MD5 Hash Authentication Bypass
X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. X-News stores user ids and passwords, as MD5 hashes, in a world- readable file, 'db/users.txt'...
CVE-2002-1656
X-News xnews 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie...