Bitweaver 2.8.1 - Multiple Vulnerabilities

Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver http://www.bitweaver.org/ Product: Bitweaver Version affected: 2.8.1 and earlier versions Product description: Bitweaver is a free and open source web...

Bitweaver 2.8.1 Multiple Vulnerabilities

Finding 1: Local File Inclusion Vulnerability CVE: CVE-2012-5192 Finding 2: Multiple XSS Vulnerabilities in Bitweaver CVE: CVE-2012-5193 Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver...

Bitweaver CMS 2.8.1 Cross Site Scripting

/. /\ /\ /\ /\ / / // | | \ \ \ \ / / / /// / // / / / /// / // | / / \ | | | / \ / / / / .\ / / \ / / \ / / .\ / / \ / / \ | |/ \ / / / | | |/ \ | / / / / / / / / / / / / / / | | | \ // / /||/ /| // \// / // / /\// / // / /||| / / / / / / / / / / / / / /...

Bitweaver 2.7 LFI

Local file include vulnerability in Bitweaver style parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

CVE-2010-5086

Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. dot dot in the style parameter...

Directory traversal

Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. dot dot in the style parameter...

CVE-2010-5086

Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. dot dot in the style parameter...

CVE-2010-5086

CVE-2010-5086 affects Bitweaver 2.7 and 2.8.1, exposing a Local File Include in wiki/rankings.php via a .. in the style parameter, enabling remote attackers to read arbitrary files. The vulnerability is a directory traversal/LFI issue rooted in inadequate input sanitization of the style parameter...

Bitweaver 'rankings.php' Local File Include Vulnerability

Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Bitweaver 2.81 Local File Inclusion

Exploit Title: Bitweaver v2.81 LFI exploit Date: 27.02.2012 Author: I2sec-PJH Software Link: http://sourceforge.net/projects/bitweaver/files/bitweaver2.x/bitweaver2.8.1.zip/download Version: v2.81 Tested on: windows xp ------------------------------------------------------ -Description LFI...

Bitweaver v2.81 Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: Bitweaver v2.81 LFI exploit Date: 27.02.2012 Author: I2sec-PJH Software Link: http://sourceforge.net/projects/bitweaver/files/bitweaver2.x/bitweaver2.8.1.zip/download Version: v2.81 Tested on: windows xp...

Bitweaver Multiple Cross-Site Scripting Vulnerabilities

Bitweaver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...

Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities

Advisory: Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities Advisory ID: SSCHADV2011-021 Author: Stefan Schurtz Affected Software: Successfully tested on Bitweaver 2.8.1 Vendor URL: http://www.bitweaver.org Vendor Status: informed CVE-ID: - ========================== Vulnerability...

Bitweaver 2.8.1 Cross Site Scripting

Advisory: Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities Advisory ID: SSCHADV2011-021 Author: Stefan Schurtz Affected Software: Successfully tested on Bitweaver 2.8.1 Vendor URL: http://www.bitweaver.org Vendor Status: informed CVE-ID: - ========================== Vulnerability...

Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities

Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49864/info Bitweaver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/49864/info Bitweaver is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

BitWeaver Framework v2.8.1 - Multiple Web Vulnerabilities

Document Title: =============== BitWeaver Framework v2.8.1 - Multiple Web Vulnerabilities Release Date: ============= 2011-07-31 Vulnerability Laboratory ID VL-ID: ==================================== 71 Product & Service Introduction: =============================== bitweaver is an application...

BitWeaver Framework v2.8.1 - Multiple Web Vulnerabilities

Document Title: =============== BitWeaver Framework v2.8.1 - Multiple Web Vulnerabilities Release Date: ============= 2011-07-31 Vulnerability Laboratory ID VL-ID: ==================================== 71 Product & Service Introduction: =============================== bitweaver is an application...

Bitweaver 2.x (FCKeditor) File Upload Code Execution

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Bitweaver 2.x (FCKeditor) File Upload Code Execution (meta)

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...