Netwin: >> Webnews >> 1.1h Security Vulnerabilities
PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
CVSS Score
7.5
EPSS Score
0.084
Published
2006-10-03
Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.
CVSS Score
7.5
EPSS Score
0.037
Published
2002-05-31
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.
CVSS Score
7.5
EPSS Score
0.008
Published
2002-05-31