CVE-2007-3131
Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2007-3131
CVE-2007-3131 : The vulnerability is a Cross-site Scripting (XSS) flaw in Light Blog 4.1 prior to 20070606, reported in CVE-2007-3131. It affects add_comment.php where an attacker can supply a crafted id parameter to inject arbitrary web script or HTML. According to NVD, the impact is partial int...
lightblog-xss.txt
Application: Light Blog Web Site: http://www.publicwarehouse.co.uk/phpscripts/lightblog.php Versions: 4.1 Platform: linux, windows, freebsd, sun Bug: Cross site Scripting XSS Fix Available: Yes fixed with the Same version number. download file now called LightBlog.zip instead of Light.zip Advisor...
CVE-2007-3083
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...
Improper access control
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb...
CVE-2007-3083
CVE-2007-3083 affects Z-Blog 1.7, where sensitive data is stored under the web root with insufficient access control. An attacker can directly access zblog.mdb to download the database, per NVD entry. The CVSS v2 vector (AV:N/AC:L/Au:N/C:C/I:N/A:N) yields a base score of 7.8 (High). No remediatio...
Z-Blog 1.7 Authentication Bypass Database Download Vulnerability
Author : Hasadya Raed Contact : [email protected] Israel Hacker Greetz : Fairoz : Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability Script : Z-Blog 1.7 Impact : Remote Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216" Download :...
wordpress -- unmoderated comments disclosure
Blogsecurity reports: An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments (comments that have not been made public) to hide sensitive notes regarding posts, future work, passwords etc. So please be caref...
Fundanemt 2.2.0 - spellcheck.php Remote Code Execution
Fundanemt 2.2.0 - spellcheck.php Remote Code Execution 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i...
BoastMachine index.php Cross Site Scripting Vulnerability
Vulnerability: http://www.target.com/index.php?action=search&item=content&blog=3E223E3CScRiPt200a0d3Ealertdocument.cookie3B3C/ScRiPt3E Vulnerable: All Versions...
burak-sql.txt
$ Credits = RMx $ My Page = www.Expw0rm.com $ Script = Burak Yılmaz Blog tr v1.0 $ Download = http://aspindir.com/indir.asp?id=4854 $ Thanx My Friend = Liz0zim and CodexpLoder'tq $ Exploit = http://site.com/path/bry.asp?islem=yazidevam&id=-1+union+select+0,0,0,0,0,0,sifre,0+from+admin Regards...
Sql injection
SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2007-2420
SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sina blog XSS vulnerability-vulnerability warning-the black bar safety net
This afternoon just registered a Sina blog. And Baidu space, Sina only allows the editing part of the HTML Tag, the shield a lot of Tag and HTML attribute, the event is intended to prohibit the malicious code. Built a custom panel, find the content allowed in a STYLE tag, then write the following...
Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability
$ Credits = RMx $ My Page = www.Expw0rm.com $ Script = Burak Yılmaz Blog tr v1.0 $ Download = http://aspindir.com/indir.asp?id=4854 $ Thanx My Friend = Liz0zim and CodexpLoder'tq $ Exploit = http://site.com/path/bry.asp?islem=yazidevam&id=-1+union+select+0,0,0,0,0,0,sifre,0+from+admin Regards...
CVE-2007-2305
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters...
Directory traversal
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files...
CVE-2007-2304
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files...