RSS   Podatności dla 'Magic news plus'   RSS

2007-03-02
 
CVE-2007-1142

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.

 
 
CVE-2007-1141

CWE-94
 

 
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

 
2006-01-10
 
CVE-2006-0157

 

 
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

 

 >>> Vendor: Reamday enterprises 5 Produkty
Magic news plus
Magic calendar lite
Magic downloads
Magic news lite
Magic news pro


Copyright 2024, cxsecurity.com

 

Back to Top