Searching news login software vulnerabilities

The NNTP news service is running.

service | running | NNTP | news |

The NNTP news service is running.


X-News (x_news) 1.1 and earlier allows attacker

X-News |

X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.


x_news.php in X-News (x_news) 1.1 and earlier a

x_newsphp | X-News |

x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.


Cross-site scripting (XSS) vulnerability in e10

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.


delete.php in Plague News System 0.6 and earlie

unauthenticated | attackers | deletephp | parameter | modifying | comments | shoutbox | earlier | Plague | delete | allows | remote | System | posts | News |

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.


SQL injection vulnerability in check_user.asp i

vulnerability | check_userasp | including | injection | products | multiple | SQL | Web | Wiz |

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.


PHP remote file inclusion vulnerability in bp_n

vulnerability | bp_ncomphp | inclusion | remote | BinGo | News | file | PHP |

PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.


PHP remote file inclusion vulnerability in bp_n

vulnerability | bp_newsphp | inclusion | remote | BinGo | News | file | PHP |

PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.


PHP remote file inclusion vulnerability in scri

scripts/news_pagephp | vulnerability | Enterprises | inclusion | Reamday | remote | Magic | file | News | Pro | PHP |

PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the the_band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php.


Multiple SQL injection vulnerabilities in the l

vulnerabilities | yansfuncphp | login_user | Rodriguez | injection | Multiple | function | Another | System | Pedro | Lucas | News | SQL | Yet | San |

Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.


SQL injection vulnerability in show_news.php in

vulnerability | show_newsphp | arbitrary | attackers | injection | parameter | commands | execute | Xt-News | id_news | allows | remote | SQL | via |

SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.


PHP remote file inclusion vulnerability in misc

vulnerability | inclusion | SH-News | miscphp | remote | file | PHP |

PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.


PHP remote file inclusion vulnerability in bn_s

vulnerability | bn_smrep1php | inclusion | BinGoPHP | remote | file | News | PHP |

PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.


SQL injection vulnerability in news_detail.asp

news_detailasp | vulnerability | attackers | arbitrary | injection | parameter | commands | execute | earlier | allows | remote | NEWS | SQL | via | ASP |

SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.


SQL injection vulnerability in news_page.asp in

vulnerability | news_pageasp | Newsposter | injection | Kilbryde | Script | Martyn | SQL |

SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.


SQL injection vulnerability in index.php in pag

vulnerability | injection | indexphp | pagetool | SQL |

SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.


Software vulnerabilities results 1 to 20 of 657     
Page: 12345...33