7738 matches found
CVE-2009-4421
Directory traversal vulnerability in languagescgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the bloglanguage1 parameter...
Directory traversal
Directory traversal vulnerability in languagescgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the bloglanguage1 parameter...
CVE-2009-4421
Directory traversal vulnerability in languagescgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the bloglanguage1 parameter...
CVE-2009-4421
CVE-2009-4421 affects Simple PHP Blog
dvbbs 8.2 reception 0day-vulnerability warning-the black bar safety net
Small aviation blog Use: Posting, the title for the following sql statement, and then comments. 0 for neutral, 1 for support, 2 for the opposition. At this time sql statement is executed Library name: a’,’,1,’hang’,’2008-2-4’,’,2;update//dvuser//set//useremail=dbname//where//username=’hang’-- Add...
Hasta Blog v2.3 XSS vulnerability
No description provided by source. Script Name : Hasta Blog Bug Type : XSS vulnerability » Founder: LionTurk -...
Simple PHP Blog <= 0.5.1 Local File Include vulnerability
No description provided by source. INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS scored...
Simple PHP Blog 0.5.1 - Local File Inclusion
Simple PHP Blog 0.5.1 - Local File Inclusion Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in th...
Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability
No description provided by source. Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context ...
Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability. Simple PHP Blog is prone to a local file-include vulnerability...
Simple PHP Blog 0.5.1 - Local File Inclusion
Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may...
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator...
CVE-2009-4366
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2009-4364
CVE-2009-4364 describes a Cross-site Scripting (XSS) vulnerability in the ScriptsEz Ez Blog, affecting the application’s index.php where the cname parameter can inject arbitrary web script/HTML (related to the act and id parameters). The root cause is insufficient input validation on cname. Impac...
CVE-2009-4365
CVE-2009-4365 describes multiple cross-site request forgery (CSRF) vulnerabilities in admin.php of ScriptsEz Ez Blog 1.0. The issue allows remote attackers to hijack administrator sessions and perform actions such as adding a blog (add_blog), approving comments (approve_comment), changing adminis...
CVE-2009-4366
ScriptsEz Ez Blog 1.0 contains a cross-site scripting (XSS) vulnerability in index.php where the yr parameter in a bmonth action can be used to inject arbitrary web script/HTML. CVE-2009-4366 has CVSSv2 base score 4.3 (Medium); attack vector: Network; authentication: None; confidentiality impact:...