Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
farsinews farsinews vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-2084
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.
Farsinews Farsinews
Farsinews Farsinews 2.1
Farsinews Farsinews 2.1 Beta2
Farsinews Farsinews 2.5
NA
CVE-2006-1822
Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and previous versions allows remote malicious users to inject arbitrary web script or HTML via the selected_search_arch parameter.
Farsinews Farsinews 2.1
Farsinews Farsinews 2.1 Beta2
Farsinews Farsinews 2.5
Farsinews Farsinews 2.5.3
1 EDB exploit
NA
CVE-2006-1823
Directory traversal vulnerability in FarsiNews 2.5.3 Pro and previous versions allows remote malicious users to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.
Farsinews Farsinews 2.5.3
Farsinews Farsinews 2.1 Beta2
Farsinews Farsinews 2.5
Farsinews Farsinews 2.1
NA
CVE-2006-0660
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and previous versions allows remote malicious users to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbi...
Farsinews Farsinews 2.1
Farsinews Farsinews 2.1 Beta2
Farsinews Farsinews 2.5
2 EDB exploits
NA
CVE-2006-0502
PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and previous versions, with register_globals enabled, allows remote malicious users to include arbitrary files via a URL in the cutepath parameter.
Farsinews Farsinews
1 EDB exploit
NA
CVE-2006-3602
Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote malicious users to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the advanced theme.
Farsinews Farsinews 3.0 Beta 1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started