311 matches found
Bitweaver 2.x (FCKeditor) Multiple Arbitrary Shell Upload
Exploit for php platform in category web applications
Bitweaver 2.5.0 (list_blogs.php) Cookie Stealing/LFI Vulnerability
Exploit for php platform in category web applications
Bitweaver 2.8.0 - Multiple Vulnerabilities
exploit title: Path Disclosure bitweaver 2.8 date: 25.o2.2o11 author: lemlajt software : bitweaver version: 2.8 tested on: linux cve : Path Disclosure bitweaver 2.8 PoC : http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/kernel/admin/index.php?page=%27 sql injection in bitweaver 2.8 PoC : 1...
Bitweaver 2.8.1 Cross Site Scripting / SQL Injection
exploit title: Path Disclosure bitweaver 2.8 date: 25.o2.2o11 author: lemlajt software : bitweaver version: 2.8 tested on: linux cve : Path Disclosure bitweaver 2.8 PoC : http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/kernel/admin/index.php?page=%27 sql injection in bitweaver 2.8 PoC : 1...
Bitweaver 2.8.0 - Multiple Vulnerabilities
Bitweaver 2.8.0 - Multiple Vulnerabilities exploit title: Path Disclosure bitweaver 2.8 date: 25.o2.2o11 author: lemlajt software : bitweaver version: 2.8 tested on: linux cve : Path Disclosure bitweaver 2.8 PoC :...
Bitweaver <= 2.8.1 'edit.php' HTML Injection Vulnerability
Bitweaver is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Bitweaver 2.8.1 Cross Site Scripting
exploit title: persistant xss in bitweaver2.8.1 date: 22.o2.2o11 author: lemlajt software : bitweaver @ sourceforge.net version: 2.8.1 tested on: linux cve : PoC : 1. submit an article POST http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/articles/edit.php form-data;...
Bitweaver 2.8.1 - Persistent Cross-Site Scripting
Bitweaver 2.8.1 - Persistent Cross-Site Scripting exploit title: persistant xss in bitweaver2.8.1 date: 22.o2.2o11 author: lemlajt software : bitweaver @ sourceforge.net version: 2.8.1 tested on: linux cve : PoC : 1. submit an article POST...
bitweaver 2.8.1 Persistant XSS / SQL Injection Vulnerability
Exploit for php platform in category web applications author: lemlajt software : bitweaver @ sourceforge.net version: 2.8.1 tested on: linux cve : PoC : 1. submit an article POST http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/articles/edit.php form-data;...
Bitweaver 2.8.1 - Persistent Cross-Site Scripting
exploit title: persistant xss in bitweaver2.8.1 date: 22.o2.2o11 author: lemlajt software : bitweaver @ sourceforge.net version: 2.8.1 tested on: linux cve : PoC : 1. submit an article POST http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/articles/edit.php form-data;...
Bitweaver wiki/rankings.php style Parameter Traversal Local File Inclusion
The remote web server hosts Bitweaver, an open source content management system written in PHP. At least one install of Bitweaver on the remote host fails to sanitize user-supplied input to the 'style' parameter of the 'wiki/rankings.php' script before using it to include PHP code. Regardless of...
Bitweaver 'style' Parameter Local File Include Vulnerability
Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Bitweaver 2.7 - fImg Cross-Site Scripting
Bitweaver 2.7 - fImg Cross-Site Scripting source: https://www.securityfocus.com/bid/41421/info Bitweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
Bitweaver 2.7 - 'fImg' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41421/info Bitweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
BitWeaver <= 2.7 Non Persistent XSS Vulnerability
Exploit for unknown platform in category web applications. BitWeaver "alert"EgoPL says: I'm a XSS" There are more XSS fo...
bitweaver 2.7 persistant Xss Vulnerability
Exploit for unknown platform in category web applications. bitweaver 2.7 persistant Xss Vulnerability. prog: bitweaver 2.7. vuln: Persistant XSS in articles/edit.php logged only source...
Bitweaver Version Detection
This script detects the installed version of Bitweaver. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Bitweaver Directory Traversal And Code Injection Vulnerabilities
Bitweaver is prone to directory traversal and code injection vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2009-1677
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
CVE-2009-1678
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boardsrss.php...