RSS   Podatności dla 'Dgnews'   RSS

2007-05-30
 
CVE-2007-0692

CWE-Other
 

 
DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.

 
2006-05-31
 
CVE-2006-2695

 

 
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.

 


Copyright 2024, cxsecurity.com

 

Back to Top