Vulnerabilities (CVE)

Filtered by vendor Xqus Subscribe
Filtered by product X-news
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-2046 1 Xqus 1 X-news 2024-11-20 7.5 HIGH N/A
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
CVE-2002-1656 1 Xqus 1 X-news 2024-11-20 7.5 HIGH N/A
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.