311 matches found
Bitweaver 1.x - '/wiki/orphan_pages.php?sort_mode' SQL Injection
source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...
Bitweaver 1.x - '/fisheye/index.php?sort_mode' SQL Injection
source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...
bitweaver 1.x - newslettersedition.php?tk SQL Injection
source: https://www.securityfocus.com/bid/20988/info Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple HTML-injection...
bitweaver 1.x - '/newsletters/edition.php?tk' SQL Injection
source: https://www.securityfocus.com/bid/20988/info Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple HTML-injection issues and multiple SQL-injection issues. A successful...
bitweaver_13_xpl.txt
#!/usr/bin/php -q -d short_open_tag=on mErrors'articleimage' = "Error during att...
CVE-2006-3102
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles...
CVE-2006-3103
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via (1) the error parameter in users/login.php and (2) the feedback parameter in articles/index.php...
CVE-2006-3104
users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message...
CVE-2006-3105
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php...
CVE-2006-3105
Technical details about CVE-2006-3105 are not publicly provided in the connected documents. The available sources reproduce the description but do not specify affected products/versions, root cause, or fixes. Monitor for updates.
CVE-2006-3103
CVE-2006-3103 describes a cross-site scripting (XSS) vulnerability in Bitweaver 1.3, allowing remote attackers to inject arbitrary web script or HTML via (1) the error parameter in users/login.php and (2) the feedback parameter in articles/index.php. The connected records confirm Bitweaver as the...
CVE-2006-3104
CVE-2006-3104 concerns Bitweaver 1.3, where the script users/index.php exposes a sensitive information disclosure via an invalid sort_mode parameter. The error message can reveal installation path and database information, indicating a server-side information exposure vulnerability in the renderi...
CVE-2006-3102
CVE-2006-3102 affects Bitweaver 1.3. A race condition in articles/BitArticle.php when running under Apache with mod_mime lets remote attackers execute arbitrary PHP code by uploading files with double extensions, which are temporarily stored under the webroot in the temp/articles directory. No re...
bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit
Exploit for unknown platform in category web applications. bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit. #!/usr/bin/php -q -d short_open_tag=on <? echo "bitweaver <= v1.3...
Bitweaver 1.3 - tmpImagePath Attachment mod_mime
#!/usr/bin/php -q -d short_open_tag=on mErrors'articleimage'...
bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo "bitweaver <= v1.3 'tmpImagePath' attachment mod_mime exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by bitweaver"\r\n\r\n"; if $argc4 echo...