311 matches found
Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/22169/info Bitweaver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...
CVE-2006-6925
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or...
CVE-2006-6924
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already cover...
CVE-2006-6923
SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter...
CVE-2006-6924
CVE-2006-6924 affects Bitweaver 1.3.1 and earlier, where a remote attacker can trigger a SQL error and potentially expose sensitive information by sending sort_mode=-98 to one of: blogs/list_blogs.php, fisheye/index.php, wiki/orphan_pages.php, or wiki/list_pages.php. The issue is described as a v...
CVE-2006-6923
CVE-2006-6923 describes a SQL injection in the newsletters/edition.php script of Bitweaver, affecting version 1.3.1 and earlier. The underlying issue allows an attacker to inject and execute arbitrary SQL via the tk parameter, leading to potential data disclosure or modification. The connected re...
CVE-2006-6925
CVE-2006-6925 affects bitweaver 1.3.1 and earlier, with multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML through: (1) the article message title when submitting to articles/edit.php, (2) the blog post message title when submitting...
bitweaver131.txt
bitweaver xss post in message title submit article http://localhost/bitweaver/blogs/post.php == xss post in message title blog http://localhost/bitweaver/wiki/edit.php?page=SandBox == xss post in message description wiki those xss are pretty dangerous, like in submit article, which is only viewe...
Bitweaver 1.x - /wiki/list_pages.php?sort_mode SQL Injection
Bitweaver 1.x - /wiki/list_pages.php?sort_mode SQL Injection source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Bitweaver 1.x - /fisheye/index.php?sort_mode SQL Injection
Bitweaver 1.x - /fisheye/index.php?sort_mode SQL Injection source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Bitweaver 1.x - /blogs/list_blogs.php?sort_mode SQL Injection
Bitweaver 1.x - /blogs/list_blogs.php?sort_mode SQL Injection source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Bitweaver 1.x - /wiki/orphan_pages.php?sort_mode SQL Injection
Bitweaver 1.x - /wiki/orphan_pages.php?sort_mode SQL Injection source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow a...
Bitweaver 1.x - /fisheye/list_galleries.php?sort_mode SQL Injection
Bitweaver 1.x - /fisheye/list_galleries.php?sort_mode SQL Injection source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could...
bitweaver <=1.3.1 [injection sql (post) & xss (post)]
bitweaver <=1.3.1 injection sql (post) & xss (post) vendor site: http://www.bitweaver.org/ product: bitweaver 1.3.1 bug: injection sql post & multiple xss post risk: high several juicy sql errors can be found in the sort_mode var, sql get: http://localhost/bitweaver/blogs/list_blogs.php?sort_mode=-98...
Bitweaver 1.x - '/wiki/list_pages.php?sort_mode' SQL Injection
source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...
Bitweaver 1.x - '/wiki/orphan_pages.php?sort_mode' SQL Injection
source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...
Bitweaver 1.x - '/fisheye/index.php?sort_mode' SQL Injection
source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...