Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cutephp cutenews vulnerabilities and exploits
(subscribe to this query)
392
VMScore
CVE-2005-1876
Direct code injection vulnerability in CuteNews 1.3.6 and previous versions allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
Cutephp Cutenews
445
VMScore
CVE-2006-1339
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote malicious users to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter i...
Cutephp Cutenews
755
VMScore
CVE-2005-3010
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
Cutephp Cutenews
1 EDB exploit
1000
VMScore
CVE-2008-4557
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote malicious users to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
Cutephp Cutenews 1.1.1
1 EDB exploit
685
VMScore
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote malicious users to inject arbitrary web script or HTML via the query string to index.php.
Cutephp Cutenews 1.4.1
1 EDB exploit
668
VMScore
CVE-2007-1153
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote malicious users to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE...
Cutephp Cutenews 1.3.6
435
VMScore
CVE-2006-1925
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote malicious users to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when t...
Cutephp Cutenews 1.4.1
1 EDB exploit
435
VMScore
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via the result parameter.
Cutephp Cutenews 1.3.6
1 EDB exploit
383
VMScore
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote malicious users to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
Cutephp Cutenews 1.3.6
445
VMScore
CVE-2005-2394
show_news.php in CuteNews 1.3.6 allows remote malicious users to obtain the full path of the server via an invalid archive parameter.
Cutephp Cutenews 1.3.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »