show newsphp software vulnerabilities
vulnerabilities.aspcode.net
Searching show newsphp software vulnerabilities
Arrowpoint (aka Cisco Content Services, or CSS)
Arrowpoint
|
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
CDRDAO 1.1.4 and 1.1.5 allows local users to re
CDRDAO
|
CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command.
nphpd.php in newsPHP 216 and earlier allows rem
nphpdphp
|
newsPHP
|
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter.
nphpd.php in newsPHP 216 and earlier allows rem
nphpdphp
|
newsPHP
|
nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication.
Cross-site scripting (XSS) vulnerability in (1)
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
Cross-site scripting (XSS) vulnerability in ind
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.
NewsPHP allows remote attackers to gain unautho
"autorized=admin;
|
administrative
|
unauthorized
|
root=admin"
|
attackers
|
setting
|
NewsPHP
|
cookie
|
remote
|
allows
|
access
|
value
|
gain
|
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
Unrestricted file upload vulnerability in the A
Administration
|
administrators
|
authenticated
|
vulnerability
|
Unrestricted
|
arbitrary
|
NewsPHP
|
instead
|
execute
|
upload
|
allows
|
remote
|
video
|
files
|
Panel
|
code
|
file
|
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
Cross-site scripting (XSS) vulnerability in sho
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.
SQL injection vulnerability in index.php for Li
vulnerability
|
Squirrelcart
|
Lighthouse
|
arbitrary
|
injection
|
attackers
|
indexphp
|
commands
|
execute
|
allows
|
remote
|
via
|
SQL
|
SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.
show_news.php in CuteNews 1.3.6 allows remote a
show_newsphp
|
CuteNews
|
show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter.
Directory traversal vulnerability in CuteNews 1
vulnerability
|
traversal
|
Directory
|
CuteNews
|
Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.
Multiple SQL injection vulnerabilities in JPort
vulnerabilities
|
arbitrary
|
injection
|
attackers
|
commands
|
Multiple
|
execute
|
JPortal
|
remote
|
allow
|
via
|
SQL
|
Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php.
Multiple SQL injection vulnerabilities in index
vulnerabilities
|
injection
|
attackers
|
arbitrary
|
indexphp
|
Multiple
|
commands
|
NewsPHP
|
execute
|
remote
|
allow
|
via
|
SQL
|
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter.
Cross-site scripting (XSS) vulnerability in sho
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
SQL injection vulnerability in include.php in P
vulnerability
|
includephp
|
injection
|
PHPKIT
|
SQL
|
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php.
Multiple SQL injection vulnerabilities in FreeH
vulnerabilities
|
injection
|
attackers
|
arbitrary
|
FreeHost
|
Multiple
|
commands
|
execute
|
remote
|
allow
|
via
|
SQL
|
Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php.
Global variable overwrite vulnerability in main
vulnerability
|
maincorephp
|
PHP-Fusion
|
overwrite
|
variable
|
Global
|
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
Multiple SQL injection vulnerabilities in Jasmi
vulnerabilities
|
attackers
|
arbitrary
|
injection
|
Multiple
|
commands
|
execute
|
Jasmine
|
remote
|
allow
|
via
|
SQL
|
CMS
|
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.
Software vulnerabilities results 1 to 20 of 132
Page:
1
2
3
4
5
...
7
►