7698 matches found
CVE-2007-2304
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files...
CVE-2007-2304
CVE-2007-2304 affects Quick and Dirty Blog (QDBlog) 0.4 (and possibly earlier). The vulnerability is described as multiple directory traversal flaws that allow remote attackers to include and execute arbitrary local files via a .. in the theme parameter to categories.php and other unspecified fil...
Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection
Burak Yilmaz Blog 1.0 - BRY.asp SQL Injection source: https://www.securityfocus.com/bid/23678/info Burak Yilmaz Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
Burak Yilmaz Blog 1.0 - 'BRY.asp' SQL Injection
source: https://www.securityfocus.com/bid/23678/info Burak Yilmaz Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Cross site scripting in mephisto 0.7.3
Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com https://vulners.com/cve/CVE-2007-1873 Description: Cross site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can be used to steal sessio...
CVE-2007-1873.txt
Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873 Description: Cross site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can b...
Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation
Hello all, In my blog today [1] I give a brief run-down of nine CVE entries that were recently published for Vista; the CVEs are numbered CVE-2007-1527 through CVE-2007-1535. At this point, I do not know who requested the entries be created. However, the entries are based on items reported in...
Mephisto blog is vulnerable to XSS
Hello everyone! The current bleeding-edge version of Mephisto blog is vulnerable to XSS. The comment author name accepts JavaScript code. If the admin approves/rejects comments manually, he has to load all unapproved comments, so it's possible to fetch his session id. Example Add new comment with the...
Default database address collection - vulnerability warning - Black Bar Safety Net
/data/dvbbs7.mdb Dvbbs (Action Network) Forum database /databackup/dvbbs7.mdb Dvbbs (Action Network) Forum database /bbs/databackup/dvbbs7.mdb Dvbbs (Action Network) Forum database /admin/data/qcdnnews.mdb Green Create article management system database /data/qcdnnews.mdb Green Create article management syste...
Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting
Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting source: https://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting
source: https://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...
MzK Blog - Katgoster.asp SQL Injection
MzK Blog - Katgoster.asp SQL Injection source: https://www.securityfocus.com/bid/24909/info MzK Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
MzK Blog - 'Katgoster.asp' SQL Injection
source: https://www.securityfocus.com/bid/24909/info MzK Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
Code injection
Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...
CVE-2007-1525
Direct static code injection vulnerability in postpost.php in Dayfox Blog dfblog 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php...
CVE-2007-1525
CVE-2007-1525 affects Dayfox Blog (dfblog) 4. The vulnerability is in the file that serves posts (posts.php) via the parameter cat passed to postpost.php, enabling direct static code injection and remote execution of arbitrary PHP by an attacker. Public references in connected documents indicate ...
orionblog-remote.txt
Orion-Blog v2.0 Version Remote Privilege Escalation Exploit function ps unique.action=""+document.unique.site.value+"/admin/AdminBlogNewsEdit.asp"; unique.submit; --- Orion-Blog v2.0 Version Remote Privilege Escalation Exploit --- Site Address : UniquE-KeyUniquE-Cracker [email protected]...
Dayfox Blog Postpost.PHP Remote File Inclusion Vulnerability
Dayfox Blog is a PHP-based web application. Dayfox Blog does not properly filter user-submitted input; a remote attacker can exploit this vulnerability to execute arbitrary commands with web-server privileges. The problem is that the 'Postpost.PHP' script lacks filtering of the user-submitted 'cmd' parameter, and submitting shell commands directly as parameter data can lead to arbitrary command execution with web-server privileges. Dayfox Blog 4.5 No solution is currently available: http://hotscripts.com/Detailed/66344.html http://www.example.com/dfblog/posts.php?cmd=ls -la...
Authentication flaw
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp...