311 matches found
Directory traversal
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter...
Unrestricted file upload
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file...
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file...
CVE-2007-6651
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter...
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file...
CVE-2007-6651
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter...
CVE-2007-6651
CVE-2007-6651 affects Bitweaver R2 CMS, specifically the wiki/edit.php script. The vulnerability stems from inadequate sanitization of the suck_url parameter, allowing unauthenticated attackers to perform a directory traversal and read sensitive files (e.g., configuration) on the remote host. The...
CVE-2007-6650
The CVE-2007-6650 entry describes an Unrestricted file upload vulnerability in the Bitweaver R2 CMS, specifically in the fisheye/upload.php endpoint. An attacker can upload arbitrary files by abusing the image/gif content type (and possibly other image/PDF types), demonstrated by uploading a .hta...
Bitweaver source code disclosure, arbitrary file upload
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
Bitweaver R2 CMS Remote File Upload / Disclosure Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix...
bitweaver-disclose.txt
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
Bitweaver R2 CMS - Arbitrary File Upload Disclosure
Bitweaver R2 CMS - Arbitrary File Upload Disclosure WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with...
Bitweaver R2 CMS Remote File Upload / Disclosure Vulnerabilities
Exploit for unknown platform in category web applications ================================================================ Bitweaver R2 CMS Remote File Upload / Disclosure Vulnerabilities ================================================================ WwW.BugReport.ir AmnPardaz Security Research...
Bitweaver R2 CMS - Arbitrary File Upload / Disclosure
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
Code injection
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action...
CVE-2007-6412
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action...
CVE-2007-6412
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action...
CVE-2007-6412
Direct static code injection vulnerability in Bitweaver wiki/index.php (versions 2.0.0 and earlier) when comments are enabled. Remote attackers can inject arbitrary PHP code via the editcomments action. Evidence from multiple sources confirms the affected component, condition, and exact impact; n...
SQL injection
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sortmode parameter to wiki/listpages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error...