311 matches found
Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime
!/usr/bin/php -q -d shortopentag=on mErrors'articleimage' = "Error...
[SA19673] Bitweaver "error" Cross-Site Scripting Vulnerability
TITLE: Bitweaver "error" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19673 VERIFY ADVISORY: http://secunia.com/advisories/19673/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: bitweaver 1.x http://secunia.com/product/8545/ DESCRIPTION: KaDaL-X has...
Cross site scripting
Cross-site scripting XSS vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1745
Cross-site scripting XSS vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1745
Cross-site scripting XSS vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1745
This CVE concerns Bitweaver 1.3 and an input handling flaw in login.php that allows cross-site scripting via the error parameter. The vulnerability is an XSS in a web login page component, with the root cause being improper handling/encoding of user-supplied data in the error parameter. The provi...
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. An attacke...
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed...
Cross site scripting
Cross-site scripting XSS vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the commenttitle parameter...
CVE-2006-1131
Cross-site scripting XSS vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the commenttitle parameter...
CVE-2006-1131
Cross-site scripting XSS vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the commenttitle parameter...
CVE-2006-1131
The CVE refers to a Cross-site Scripting (XSS) vulnerability in bitweaver CMS 1.2.1, specifically in read.php where the comment_title parameter is not properly sanitized, allowing injection of arbitrary web script or HTML. Documented impact is partial integrity impact with no confidentiality or a...
bitweaver_1.2.1_XSS.txt
Bitweaver CMS 1.2.1 User Comment Title Cross-Site Scripting Vulnerability Information of Software: Software: Bitweaver CMS 1.2.1 Site: http://www.bitweaver.org Description of software: bitweaver is continually improving it's stability, usability, flexibility and power. The rate at which this is...
Bitweaver 1.11.2 - Title HTML Injection
Bitweaver 1.11.2 - Title HTML Injection source: https://www.securityfocus.com/bid/16973/info The bitweaver application is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HT...
[SA19101] bitweaver "title" Script Insertion Vulnerability
TITLE: bitweaver "title" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA19101 VERIFY ADVISORY: http://secunia.com/advisories/19101/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: bitweaver 1.x http://secunia.com/product/8545/ DESCRIPTION: Kiki has...
Bitweaver 1.1/1.2 - 'Title' HTML Injection
source: https://www.securityfocus.com/bid/16973/info The bitweaver application is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in...
CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the 1 sortmode parameter to a fisheye/listgalleries.php, b messages/messagebox.php, and c users/my.php; the 2 postid parameter to d blogs/viewpost.php; and the 3...
CVE-2005-4379
Multiple cross-site scripting XSS vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the 1 sortmode parameter to a fisheye/listgalleries.php, b messages/messagebox.php, and c users/my.php; the 2 postid parameter to d blogs/viewpost.ph...
CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the 1 sortmode parameter to a fisheye/listgalleries.php, b messages/messagebox.php, and c users/my.php; the 2 postid parameter to d blogs/viewpost.php; and the 3...
CVE-2005-4380
Bitweaver 1.1 and 1.1.1 beta contain multiple SQL injection vulnerabilities allowing remote attackers to execute arbitrary SQL commands via unsafely handled input in sort_mode (fisheye/list_galleries.php, messages/message_box.php, users/my.php), post_id (blogs/view_post.php), and blog_id (blogs/v...