CVE-2007-1471

admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp...

CVE-2007-1471

CVE-2007-1471 affects Orion-Blog 2.0. The vulnerability allows remote attackers to bypass authentication by directly requesting admin/AdminBlogNewsEdit.asp, gaining privileges without valid credentials. No remediation details are provided in the connected documents.

CVE-2007-1471

admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp...

Orion-Blog 2.0 (AdminBlogNewsEdit.asp) Remote Auth Bypass Vuln

No description provided by source. !-- Orion-Blog v2.0 Version Remote Privilege Escalation Exploit Type : Privilege Escalation Release Date : 2007-03-14 Product : Orion-Blog Bug : http://localhost/script/admin/default.asp Privilege Escalation Exploit : -- titleOrion-Blog v2.0 Version Remote...

Orion-Blog 2.0 (AdminBlogNewsEdit.asp) Remote Auth Bypass Vuln

Exploit for unknown platform in category web applications ============================================================== Orion-Blog 2.0 AdminBlogNewsEdit.asp Remote Auth Bypass Vuln ============================================================== Orion-Blog v2.0 Version Remote Privilege Escalation...

Orion-Blog 2.0 - Remote Authentication Bypass

Orion-Blog v2.0 Version Remote Privilege Escalation Exploit function ps unique.action=""+document.unique.site.value+"/admin/AdminBlogNewsEdit.asp"; unique.submit; --- Orion-Blog v2.0 Version Remote Privilege Escalation Exploit --- Site Address : UniquE-KeyUniquE-Cracker [email protected]...

Orion-Blog 2.0 - Remote Authentication Bypass

Orion-Blog 2.0 - Remote Authentication Bypass Orion-Blog v2.0 Version Remote Privilege Escalation Exploit function ps unique.action=""+document.unique.site.value+"/admin/AdminBlogNewsEdit.asp"; unique.submit; --- Orion-Blog v2.0 Version Remote Privilege Escalation Exploit --- Site Address :...

CVE-2007-1445

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter...

Sql injection

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter...

BP Blog 7.0 (default.asp layout) Remote SQL Injection Vulnerability

No description provided by source. BeyazKurt Script : BP Blog D0rk : "Powered by BP Blog 7.0" thnx : Forever.slam and all WorldHackerz Team! WorldHackerz Mirr0r'da Taht Bizimdir h := ------- Exploit :...

Dayfox Blog 4 - postpost.php Remote Code Execution

Dayfox Blog 4 - postpost.php Remote Code Execution / \ / @ +Iranian Are The Best In World+ Portal : Dayfox Blog V 4 Download : http://www.dayfoxdesigns.co.nr Dork : "Powered by Dayfox Designs" Author : Dj7xpl | [email protected] Risk : High Remote Code Execution +...

Dayfox Blog 4 - 'postpost.php' Remote Code Execution

/ \ / @ +Iranian Are The Best In World+ Portal : Dayfox Blog V 4 Download : http://www.dayfoxdesigns.co.nr Dork : "Powered by Dayfox Designs" Author : Dj7xpl | [email protected] Risk : High Remote Code Execution +...

CVE-2007-1445

SQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter...

grayscale-multi.txt

Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 Date : 2007-02-24 Product : Grayscale Blog Version : 0.8.0 - Prior version maybe also be affected Vendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-02-24 - Not...

CVE-2007-1445

CVE-2007-1445 affects BP Blog 7.0–7.0.2. The vulnerability is in the heme preview feature of default.asp, where an attacker can inject SQL through the layout parameter, enabling arbitrary SQL commands on the backend. The CVSS-derived context from the NVD indicates a network-accessible, low-attack...

Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability

No description provided by source. html !-- .-""""""""-. / Dj7xpl \ | | |, .-. .-. ,| | o/ \o | |/ /\ | @ ^^ \|IIIIII|/ @8@8|-\IIIIII/-| / \ / @ +Iranian Are The Best In World+ Portal : Dayfox Blog V 4 Download : http://www.dayfoxdesigns.co.nr Dork : "Powered by Dayfox Designs" Author...

Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability

Exploit for unknown platform in category web applications ================================================================ Dayfox Blog 4 postpost.php Remote Code Execution Vulnerability ================================================================ / \ / @ +Iranian Are The Best In World+...

CVE-2007-1434

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to a userdetail.php, id and 2 url parameter to b jump.php, and id variable to c detail.php...

Cross site scripting

Cross-site scripting XSS vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to 1 scripts/addblogcomment.php and 2 detail.php...

CVE-2007-1432

Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in 1 the userpermissions parameter to addusers.php, and unspecified parameters to 2 addblog.php, 3 editblog.php, 4 editlinks.php, 5 editusers.php, and 6...