Searching news software vulnerabilities

Directory traversal vulnerability in newsdesk.c

vulnerability | newsdeskcgi | arbitrary | attackers | parameter | traversal | Directory | remote | allows | files | News | read | Desk | "t" | via |

Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter.


X-News (x_news) 1.1 and earlier allows attacker

X-News |

X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.


x_news.php in X-News (x_news) 1.1 and earlier a

x_newsphp | X-News |

x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.


News Manager Lite 2.5 allows remote attackers t

authentication | administrator | privileges | NEWS_LOGIN | attackers | parameter | setting | Manager | allows | cookie | bypass | remote | ADMIN | Lite | News | gain |

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.


delete.php in Plague News System 0.6 and earlie

unauthenticated | attackers | deletephp | parameter | modifying | comments | shoutbox | earlier | Plague | delete | allows | remote | System | posts | News |

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php.


PHP remote file inclusion vulnerability in bp_n

vulnerability | bp_ncomphp | inclusion | remote | BinGo | News | file | PHP |

PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.


PHP remote file inclusion vulnerability in bp_n

vulnerability | bp_newsphp | inclusion | remote | BinGo | News | file | PHP |

PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.


PHP remote file inclusion vulnerability in scri

scripts/news_pagephp | vulnerability | Enterprises | inclusion | Reamday | remote | Magic | file | News | Pro | PHP |

PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.


SQL injection vulnerability in show_news.php in

vulnerability | show_newsphp | arbitrary | attackers | injection | parameter | commands | execute | Xt-News | id_news | allows | remote | SQL | via |

SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.


PHP remote file inclusion vulnerability in misc

vulnerability | inclusion | SH-News | miscphp | remote | file | PHP |

PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.


PHP remote file inclusion vulnerability in bn_s

vulnerability | bn_smrep1php | inclusion | BinGoPHP | remote | file | News | PHP |

PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.


SQL injection vulnerability in news_detail.asp

news_detailasp | vulnerability | attackers | arbitrary | injection | parameter | commands | execute | earlier | allows | remote | NEWS | SQL | via | ASP |

SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.


SQL injection vulnerability in news_page.asp in

vulnerability | news_pageasp | Newsposter | injection | Kilbryde | Script | Martyn | SQL |

SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.


PHP remote file inclusion vulnerability in show

show_news_incphp | VS-News-System | vulnerability | VirtualSystem | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.


Directory traversal vulnerability in archives.p

vulnerability | archivesphp | Xpression | traversal | Directory | News |

Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.


PHP remote file inclusion vulnerability in news

Computerservice | vulnerability | newsadminphp | inclusion | Feindt | remote | News | file | PHP |

PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.


Cross-site scripting (XSS) vulnerability in STp

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.


SQL injection vulnerability in index.php in pag

vulnerability | injection | indexphp | pagetool | SQL |

SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.


Software vulnerabilities results 1 to 20 of 240     
Page: 12345...13