EUVD-2006-6174

Malware in sbrugna...

8Pixel.net SimpleBlog ID SQL注入漏洞

Simple Blog是一款基于PHP的网络日记程序。 Simple Blog不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'default.asp'脚本对用户提交的"id"参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 8pixel.net Simple Blog 2.3 http://www.8pixel.net/...

CVE-2006-6192

Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are...