Code injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
Directory traversal
Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php...
CVE-2009-1678
Bitweaver prior to version 2.7 is affected by a directory traversal flaw in the saveFeed function of rss/feedcreator.class.php, where a crafted .. in the version parameter to boards/boards_rss.php allows remote attackers to create or overwrite arbitrary files. This impacts Bitweaver 2.6 and earli...
CVE-2009-1677
CVE-2009-1677 affects Bitweaver 2.6 and earlier, specifically the saveFeed function in rss/feedcreator.class.php. The vulnerability allows arbitrary PHP code execution via two vectors: (1) remote authenticated users inserting PHP sequences into the account display name and then calling boards/boa...
Bitweaver version parameter directory traversal vulnerability
BUGTRAQ ID: 34910. Bitweaver is a free, open-source web application framework and content management system. The boards/boards_rss.php module in Bitweaver does not properly filter the input passed in the version parameter before using it to create a file: ... echo $rss->saveFeed($rss_version_name, $cacheFile); ... The saveFeed function is called in an insecure way; the argument built from the $_REQUEST['version'] variable may contain directory traversal sequences. In the saveFeed function in /rss/feedcreator.class.php: ... function...
Bitweaver 2.6 Code Execution
saveFeed($rss_version_name, $cacheFile); ... it calls the saveFeed function in an insecure way; arguments are built on the $_REQUEST['version'] var and may contain directory traversal sequences... now look at the saveFeed function in /rss/feedcreator.class.php ... function saveFeed($filename="", $displayContents=tru...
Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit
<?php /* Bitweaver <= 2.6 /boards/boards_rss.php / saveFeed() remote code execution exploit by Nine:Situations:Group::bookoo. php.ini independent. Site: http://retrogod.altervista.org/ Software site: http://www.bitweaver.org/ You need a user account and you need to change your "display name" in:...
CVE-2008-4337
Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) list_blogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8)...
CVE-2008-4337
CVE-2008-4337 is an XSS vulnerability in Bitweaver 2.0.2. The provided documents describe multiple vectors: arbitrary script/HTML injection via URL parameters across numerous pages (articles/edit/list; blogs/list_blogs/rankings; calendar and events pages; fisheye galleries; liberty/list_content; ...
Bitweaver wiki/edit.php suck_url Parameter Traversal Source Code Disclosure
The remote host is running Bitweaver, an open source content management system written in PHP. The version of this software installed on the remote host fails to sanitize input to the 'suck_url' parameter of the 'wiki/edit.php' script of directory traversal sequences. An unauthenticated attacker c...
CVE-2007-6651
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter...
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file...