wellyblog-xss.txt

Virangar Security Team Tilte: WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy Author..................: theEdit0r Homepage ...............: Www.Virangar.netwww.virangar.ir Location ...............: Iran Software ...............: WellyBlog Open Source Blog Portal Site Script...

Chipmunk Blog - archive.php Cross-Site Scripting

Chipmunk Blog - archive.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Chipmunk Blog - 'members.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

Chipmunk Blog - members.php Cross-Site Scripting

Chipmunk Blog - members.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Chipmunk Blog - cat.php Cross-Site Scripting

Chipmunk Blog - cat.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...

Chipmunk Blog - 'cat.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

Chipmunk Blog - photos.php Cross-Site Scripting

Chipmunk Blog - photos.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Chipmunk Blog - 'photos.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

Chipmunk Blog - 'comments.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

Chipmunk Blog - comments.php Cross-Site Scripting

Chipmunk Blog - comments.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Chipmunk Blog - 'archive.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

DCFM Blog 'comments.php' SQL注入漏洞

BUGTRAQ ID: 29627 DCFM Blog是一款基于PHP的WEB应用程序。 DCFM Blog不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题是'comments.php'脚本对用户提交给WEB参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库 DCFM Blog 0.9.4 目前没有解决方案提供： http://sourceforge.net/projects/dcfm-blog/ form...

CVE-2008-2685

SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626...

Sql injection

SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626...

CVE-2008-2685

SQL injection vulnerability in article.asp of Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter (distinct from CVE-2008-2626). The provided description confirms the vulnerability and affected version range; no additional exploit...

CVE-2008-2685

SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626...

CVE-2008-2671

SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

Sql injection

SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-2671

SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-2671

The CVE-2008-2671 entry describes a SQL injection in DCFM Blog 0.9.4, affecting comments.php where an attacker can modify the id parameter to execute arbitrary SQL commands remotely. Affected software: DCFM Blog 0.9.4 (comments.php). Root cause: unsanitized/unchecked id parameter leading to SQL c...