CVE-2009-4366
ScriptsEz Ez Blog 1.0 contains a cross-site scripting (XSS) vulnerability in index.php where the yr parameter in a bmonth action can be used to inject arbitrary web script/HTML. CVE-2009-4366 has CVSSv2 base score 4.3 (Medium); attack vector: Network; authentication: None; confidentiality impact:...
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...
Simple PHP Blog 0.5.1 Local File Inclusion
============================================= INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS scored ============================================= I. VULNERABILITY...
Pluxml-Blog Beta 4.2 XSS
Script Name : Pluxml-blog Version : Pluxml-blog bêta 4.2 Bug Type : XSS vulnerability Found by : Metropolis Discovered : 17 December 2009 Download app : http://telechargements.pluxml.org/pluxml-blog-beta4-2.zip PoC : http://target/path/core/admin/auth.php?p=1Xss example :...
Pluxml-Blog Bêta 4.2 XSS Vulnerability
No description provided by source. Script Name : Pluxml-blog Version : Pluxml-blog bêta 4.2 Bug Type : XSS vulnerability Found by : Metropolis Discovered : 17 December 2009 Download app : http://telechargements.pluxml.org/pluxml-blog-beta4-2.zip PoC : http://target/path/core/admin/auth.php?p=1Xss...
Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting
Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting source: https://www.securityfocus.com/bid/37384/info Pluxml-Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script cod...
Pluxml-Blog 4.2 - '/core/admin/auth.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37384/info Pluxml-Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...
Ez Blog v1.0 (XSS/XSRF) Multiple Vulnerabilities
No description provided by source. ----------------------------------------------------------------------------------------------- Title: Ez Blog XSS/XSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Blog 1.0 XSS / XSRF
----------------------------------------------------------------------------------------------- Title: Ez Blog XSS/XSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Blog v1.0 (XSS/XSRF) Multiple Vulnerabilities
Exploit for unknown platform in category web applications ================================================ Ez Blog v1.0 XSS/XSRF Multiple Vulnerabilities ================================================ ----------------------------------------------------------------------------------------------...
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery ----------------------------------------------------------------------------------------------- Title: Ez Blog XSS/XSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
----------------------------------------------------------------------------------------------- Title: Ez Blog XSS/XSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Mozilla Codesighs - Memory Corruption
!/usr/bin/perl thedailyshow.pl AKA Mozilla Codesighs Memory Corruption PoC Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 12.12.2009 257 while0 == retval && NULL != fgetslineBuffer, sizeoflineBuffer, inOptions-mInput gdb 259 trimWhitelineBuffer; gdb trimWhite...
oBlog Persistent XSS CSRF Admin Bruteforce
No description provided by source. ------------------------------------------------------------------------------------------------- Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip Author of this full disclosure: Milos Zivanovic...
Microsoft Technet Cross Site Scripting
A cross site scripting vulnerability was discovered by t3am3lite on the Microsoft technet site. Full blog with screenshots: http://security-sh3ll.blogspot.com/2009/11/microsoft-technet-vulnerable-to-cross.html Exploitation:...
Simple PHP Blog Remote Command Execution
This module combines three separate issues within The Simple PHP Blog (<= 0.4.0) application to upload arbitrary data and thus execute a shell. The first vulnerability...
Simplog v0.9.3.2 Multiple Vulnerabilities
No description provided by source. Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amo...
Nullam Blog Multiple Vulnerabilities
Nullam Blog is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Simple PHP Blog 0.4.0 Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Simple PHP...
Joomla! Component Photo Blog alpha 3 alpha 3a - SQL Injection
Joomla! Component Photo Blog alpha 3 alpha 3a - SQL Injection / Joomla Component comphotoblog SQL injection vulnerability - category Author : kaMtiEz [email protected] Homepage : http://www.indonesiancoder.com Date : October 12, 2009 Tune In : http://antisecradio.fm choose your weapon / Software...