Newsscript
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0735 | 0.04 | — | 0.08 | May 2, 2005 | newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin. | |||
| CVE-2006-4766 | 0.03 | — | 0.03 | Sep 13, 2006 | Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter. | |||
| CVE-2006-4666 | 0.03 | — | 0.04 | Sep 9, 2006 | Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d)… | |||
| CVE-2006-4768 | 0.00 | — | 0.01 | Sep 13, 2006 | Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters,… | |||
| CVE-2006-4767 | 0.00 | — | 0.02 | Sep 13, 2006 | Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the… |
- CVE-2005-0735May 2, 2005risk 0.04cvss —epss 0.08
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
- CVE-2006-4766Sep 13, 2006risk 0.03cvss —epss 0.03
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.
- CVE-2006-4666Sep 9, 2006risk 0.03cvss —epss 0.04
Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d)…
- CVE-2006-4768Sep 13, 2006risk 0.00cvss —epss 0.01
Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters,…
- CVE-2006-4767Sep 13, 2006risk 0.00cvss —epss 0.02
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the…