Searching scripts news pagephp software vulnerabilities

The NNTP news service is running.

service | running | NNTP | news |

The NNTP news service is running.


Mantis 0.17.4a and earlier allows remote attack

parameter | attackers | modifying | private | earlier | Mantis | allows | remote | 0174a | f_id | view | bugs | bug |

Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.


X-News (x_news) 1.1 and earlier allows attacker

X-News |

X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.


x_news.php in X-News (x_news) 1.1 and earlier a

x_newsphp | X-News |

x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.


News Manager Lite 2.5 allows remote attackers t

authentication | administrator | privileges | NEWS_LOGIN | attackers | parameter | setting | Manager | allows | cookie | bypass | remote | ADMIN | Lite | News | gain |

News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.


delete.php in Plague News System 0.6 and earlie

unauthenticated | attackers | deletephp | parameter | modifying | comments | shoutbox | earlier | Plague | delete | allows | remote | System | posts | News |

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.


Mantis before 0.19.4 allows remote attackers to

before | Mantis |

Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.


CRLF injection vulnerability in Mantis 1.0.0rc3

vulnerability | attackers | splitting | injection | response | headers | conduct | attacks | earlier | modify | 100rc3 | Mantis | allows | remote | HTTP | CRLF | via |

CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.


Multiple SQL injection vulnerabilities in Advan

vulnerabilities | injection | Advanced | Multiple | Poll | SQL |

Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php.


PHP remote file inclusion vulnerability in bp_n

vulnerability | bp_ncomphp | inclusion | remote | BinGo | News | file | PHP |

PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.


PHP remote file inclusion vulnerability in bp_n

vulnerability | bp_newsphp | inclusion | remote | BinGo | News | file | PHP |

PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.


SQL injection vulnerability in show_news.php in

vulnerability | show_newsphp | arbitrary | attackers | injection | parameter | commands | execute | Xt-News | id_news | allows | remote | SQL | via |

SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.


Multiple eval injection vulnerabilities in iGen

vulnerabilities | parameter | injection | attackers | arbitrary | supplied | Multiple | function | iGeneric | execute | action | remote | allow | which | eval | call | Shop | code | via |

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.


SQL injection vulnerability in news_detail.asp

news_detailasp | vulnerability | attackers | arbitrary | injection | parameter | commands | execute | earlier | allows | remote | NEWS | SQL | via | ASP |

SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.


SQL injection vulnerability in index.php in pag

vulnerability | injection | indexphp | pagetool | SQL |

SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.


Multiple SQL injection vulnerabilities in eSynd

vulnerabilities | eSyndiCat | attackers | arbitrary | injection | Multiple | commands | execute | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php.


Software vulnerabilities results 1 to 20 of 548     
Page: 12345...28