VYPR

Newsscript

by Newsscript.co.uk

CVEs (5)

  • CVE-2005-0735May 2, 2005
    risk 0.04cvss epss 0.08

    newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.

  • CVE-2006-4766Sep 13, 2006
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.

  • CVE-2006-4666Sep 9, 2006
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d)…

  • CVE-2006-4768Sep 13, 2006
    risk 0.00cvss epss 0.01

    Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters,…

  • CVE-2006-4767Sep 13, 2006
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the…