REZERVI 3.0.2 (root) Remote Command Execution Exploit

Exploit for php platform in category web applications ===================================================== REZERVI 3.0.2 root Remote Command Execution Exploit ===================================================== !/usr/bin/perl...

Mango Blog 1.4.1 archives.cfm/search页面跨站脚本漏洞

BUGTRAQ ID: 39864 Mango Blog是编译了ColdFusion的可扩展博客引擎。 Mango Blog没有正确地过滤提交给archives.cfm/search页面的term参数便返回给了用户，远程攻击者可以通过提交恶意参数请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意HTML和脚本代码。 Laura Arguello Mango Blog 1.4.1 厂商补丁： Laura Arguello -------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mangoblog.org/...

Mango Blog 1.4.1 - archives.cfmsearch Cross-Site Scripting

Mango Blog 1.4.1 - archives.cfmsearch Cross-Site Scripting source: https://www.securityfocus.com/bid/39864/info Mango Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...

Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39864/info Mango Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Crea Blog Backup Disclosure

======================================================================================== | Title : Crea Blog = by Pass / Download Backup Vulnerability | Author : indoushka | email : [email protected] | Dork : Ce blog a été mis à disposition par CreaBlog | Tested on: windows SP2 Français V.Pnx...

Google Releases Chrome 4.1.249.1064

Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...

CVE-2009-4825

8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for AppData/sb.mdb...

CVE-2009-4825

8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for AppData/sb.mdb...

CVE-2009-4825

The CVE-2009-4825 entry relates to 8pixel.net Blog 4, where sensitive data is stored under the web root with insufficient access control, enabling remote retrieval of a database via a direct request for App_Data/sb.mdb. The incident is described as a direct file download vulnerability (no exploit...

Smart Blog 1.3 Directory Traversal / SQL Injection / Cross Site Scripting / File Inclusion

======================================================================================== | Title : Smart Blog v1.3 Mulltiple Vulnerability | Author : indoushka | email : [email protected] | Dork : Actionnée par SMB SmartBlog | Tested on: windows SP2 Français V.Pnx2 2.0 | Bug : Mulltiple...

CVE-2010-1491

Directory traversal vulnerability in the MMS Blog commmsblog component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php...

Authentication flaw

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...

Directory traversal

Directory traversal vulnerability in the MMS Blog commmsblog component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php...

CVE-2009-4801

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...

CVE-2009-4805

Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the storyid parameter to public/view.php or 2 the kill parameter to admin/remove.php...

Sql injection

Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the storyid parameter to public/view.php or 2 the kill parameter to admin/remove.php...

CVE-2010-1491

Directory traversal vulnerability in the MMS Blog commmsblog component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. dot dot in the controller parameter to index.php...

CVE-2009-4805

Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the storyid parameter to public/view.php or 2 the kill parameter to admin/remove.php...

CVE-2009-4801

CVE-2009-4801 affects EZ-Blog Beta 1. The vulnerability is an authentication bypass: remote attackers can craft requests to PHP scripts to create or delete arbitrary posts due to missing access control. Root cause is lack of authentication on post-manipulation endpoints, enabling network-based, u...

CVE-2010-1491

Joomla! MMS Blog component 2.3.0 is vulnerable to Local File Inclusion via a directory traversal in the controller parameter of index.php (..). This allows reading arbitrary server files and potential additional impacts. The issue is due to improper sanitization in com_mmsblog 2.3.0. Remediation:...