VYPR
Vendor

News Manager

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2008-2340May 19, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

  • CVE-2008-2342May 19, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2008-2341May 19, 2008
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.

  • CVE-2008-2343May 19, 2008
    risk 0.03cvss epss 0.02

    News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.

  • CVE-2004-1847Mar 20, 2004
    risk 0.03cvss epss 0.03

    News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.

  • CVE-2005-1780May 31, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password.