7698 matches found
CVE-2006-5244
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) downstat.php, (2) file.php, (3) findfile.php, (4) libreadfile.php, and (5)...
moodle162.txt
// http://www.w4cking.com Product: moodle 1.6.2 http://www.moodle.org Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - the moodle blog "module" must be enabled - guest access to the blog must be enabled POC:...
CVE-2006-5244
The CVE-2006-5244 entry documents multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier when register_globals is enabled. The flaw allows an attacker to trigger arbitrary PHP code execution by providing a URL via the doc_directory parameter across several script...
CVE-2006-5219
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter...
CVE-2006-5183
Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit...
Moodle 'index.php' 'tag' Parameter SQL Injection
The installed version of Moodle fails to properly sanitize user-supplied input to the 'tag' parameter of the 'blog/index.php' script before using it in database queries. Provided the blog feature is enabled, an unauthenticated attacker can leverage this issue to manipulate database queries to...
CVE-2006-5219
Moodle 1.6.2 is affected by CVE-2006-5219 due to an SQL injection in blog/index.php of the blog module. The vulnerability is triggered via a double-encoded tag parameter, enabling remote attackers to execute arbitrary SQL commands. The issue impacts the Moodle 1.6.2 blog feature; CVSSv2 base scor...
OpenDock Easy Blog 1.4 - doc_directory File Inclusion
OpenDock Easy Blog 1.4 - doc_directory File Inclusion. ECHO_ADV_50$2006: [ECHO_ADV_50$2006] OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability...
OpenDock Easy Blog <=1.4 (doc_directory) File Include Vulnerabilities
No description provided by source. ECHO_ADV_50$2006: [ECHO_ADV_50$2006] OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability...
OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion
ECHO_ADV_50$2006: [ECHO_ADV_50$2006] OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability...
SQL injection - moodle
// http://www.w4cking.com Product: moodle 1.6.2 http://www.moodle.org Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - the moodle blog "module" must be enabled - guest access to the blog must be enabled POC:...
OpenDock Easy Blog <=1.4 (doc_directory) File Include Vulnerabilities
Exploit for unknown platform in category web applications. OpenDock Easy Blog <=1.4 (doc_directory) File Include Vulnerabilities. ECHO_ADV_50$2006...
[ECHO_ADV_50$2006] OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability
ECHO_ADV_50$2006: [ECHO_ADV_50$2006] OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability...
CVE-2006-5183
CVE-2006-5183 affects Dayfox Designs Dayfox Blog 2.0 and involves multiple PHP remote file inclusion flaws in the /edit scripts (adminlog.php, postblog.php, index.php, index2.php). The underlying issue is unsafely constructed URLs in the slogin parameter, allowing an attacker to supply a remote P...
DayfoxBlogv2.0.txt
BiyoSecurity.Org. Script name: Dayfox Blog v2.0. Risk: High. Regards: Dj ReMix. Thanks: Korsan, Liz0zim. Vulnerable files: adminlog.php, postblog.php, index.php, index2.php. Vulnerable code: include_once $sloginpath . "/sloginlib.inc.php"; include_once $sloginpath . "/header.inc.php"; Exploit :...
CVE-2006-5135
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) openbox, (2) middlebox, and (3) closebox parameters in (a) sources/myaccount.php; the (4) navigationend parameter in (b) navigation/search.php and (c) navigation/donation.php...
Dayfox Blog v2.0 Remote file include
BiyoSecurity.Org. Script name: Dayfox Blog v2.0. Risk: High. Regards: Dj ReMix. Thanks: Korsan, Liz0zim. Vulnerable files: adminlog.php, postblog.php, index.php, index2.php. Vulnerable code: include_once $sloginpath . "/sloginlib.inc.php"; include_once $sloginpath . "/header.inc.php"; Exploit :...