EUVD-2006-6729

Malware in sbrugna...

EUVD-2006-6730

Malware in sbrugna...

Xt-News 0.1 show_news.php id_news Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit...

Xt-News 0.1 show_news.php id_news Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit...

Xt-News 0.1 add_comment.php id_news Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit...

CVE-2006-6747

SQL injection vulnerability in shownews.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the idnews parameter...

CVE-2006-6746

Multiple cross-site scripting XSS vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the idnews parameter to 1 addcomment.php or 2 shownews.php...

xtnew01-sqlxss.txt

Xt-News 0.1 ----------- Vendor site: http://dreaxteam.free.fr/forums/ Product: Xt-News 0.1 Vulnerability: SQL Injection Vulnerability & XSS Credits: MrKaLiMaN Reported to Vendor: 10/12/06 Public disclosure: 22/12/06 Description: ------------ SQL Injection Vulnerability:...

CVE-2006-6747

SQL injection vulnerability in shownews.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the idnews parameter...

CVE-2006-6746

The CVE concerns Xt-News 0.1, where multiple cross-site scripting (XSS) vulnerabilities affect user-supplied input via the id_news parameter. Specifically, the flaws can be triggered through add_comment.php or show_news.php, enabling remote attackers to inject arbitrary web script or HTML. Impact...

CVE-2006-6747

The CVE-2006-6747 entry describes a SQL injection in Xt-News 0.1’s show_news.php, exploitable via the id_news parameter. A remote attacker can cause arbitrary SQL execution (no authentication required; network access; low attack complexity) with potential partial impact to confidentiality, integr...

CVE-2006-6746

Multiple cross-site scripting XSS vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the idnews parameter to 1 addcomment.php or 2 shownews.php...

Xt-News 0.1 : SQL Injection Vulnerability & XSS

Xt-News 0.1 ----------- Vendor site: http://dreaxteam.free.fr/forums/ Product: Xt-News 0.1 Vulnerability: SQL Injection Vulnerability & XSS Credits: MrKaLiMaN Reported to Vendor: 10/12/06 Public disclosure: 22/12/06 Description: ------------ SQL Injection Vulnerability:...

Xt-News 0.1 - 'show_news.php?id_news' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issues to steal cookie-based...

Xt-News 0.1 - show_news.php?id_news Cross-Site Scripting

Xt-News 0.1 - shownews.php?idnews Cross-Site Scripting source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An...

Xt-News 0.1 - show_news.php?id_news SQL Injection

Xt-News 0.1 - shownews.php?idnews SQL Injection source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker...

Xt-News 0.1 - 'add_comment.php?id_news' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issues to steal cookie-based...

Xt-News 0.1 - add_comment.php?id_news Cross-Site Scripting

Xt-News 0.1 - addcomment.php?idnews Cross-Site Scripting source: https://www.securityfocus.com/bid/21719/info Xt-News is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An...