News
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-6462 | 0.04 | — | 0.12 | Dec 11, 2006 | PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter. | |||
| CVE-2008-2413 | 0.03 | — | 0.01 | May 22, 2008 | Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||
| CVE-2008-2412 | 0.03 | — | 0.00 | May 22, 2008 | SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-1021 | 0.03 | — | 0.01 | Feb 21, 2007 | SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. | |||
| CVE-2007-1024 | 0.03 | — | 0.03 | Feb 21, 2007 | PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | |||
| CVE-2006-3385 | 0.03 | — | 0.01 | Jul 6, 2006 | Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters. | |||
| CVE-2014-2245 | 0.00 | — | 0.00 | Mar 5, 2014 | SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are… | |||
| CVE-2011-3851 | 0.00 | — | 0.00 | Sep 28, 2011 | Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||
| CVE-2006-6996 | 0.00 | — | 0.00 | Feb 12, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a… | |||
| CVE-2006-3384 | 0.00 | — | 0.01 | Jul 6, 2006 | SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. | |||
| CVE-2006-3386 | 0.00 | — | 0.00 | Jul 6, 2006 | index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. |
- CVE-2006-6462Dec 11, 2006risk 0.04cvss —epss 0.12
PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter.
- CVE-2008-2413May 22, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2008-2412May 22, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-1021Feb 21, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
- CVE-2007-1024Feb 21, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
- CVE-2006-3385Jul 6, 2006risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
- CVE-2014-2245Mar 5, 2014risk 0.00cvss —epss 0.00
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are…
- CVE-2011-3851Sep 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
- CVE-2006-6996Feb 12, 2007risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a…
- CVE-2006-3384Jul 6, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.
- CVE-2006-3386Jul 6, 2006risk 0.00cvss —epss 0.00
index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.