AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18120/info AR-Blog is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
AlstraSoft E-Friends - XSS
AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Affected files or areas of site: index.php The input forms on the following items below do not properly filter out all potential harmfu...
CVE-2006-2564
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message...
CVE-2006-2522
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges...
Improper access control
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges...
CVE-2006-2522
CVE-2006-2522 affects Dayfox Blog 2.0 and earlier. The credential store is kept in edit/slog_users.txt at the web document root with insufficient access control, enabling remote attackers to gain privileges. The connected sources confirm this direct exposure of user credentials and the resulting ...
Dayfox Blog Insecure Password Storage
Dayfox Blog Insecure Password Storage - http://colander.altervista.org/advisory/DayfoxBlog.txt - Dayfox Blog - Omnipresent, May 19, 2006 - Vulnerabilities:...
Dayfox Blog Insecure Password Storage
Hi, I found a vulnerability in DayFox Blog. You can see my original advisory here: http://colander.altervista.org/advisory/DayfoxBlog.txt Let me know if you want to post it up! Best Regards, Omni
CANews Remote Multiple Vulnerability
Dayfox Blog Insecure Password Storage - http://colander.altervista.org/advisory/DayfoxBlog.txt - Dayfox Blog - Omnipresent, May 19, 2006 - Vulnerabilities:...
CVE-2006-2246
Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry...
CVE-2006-2251
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter...
Sql injection
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter...
CVE-2006-2251
CVE-2006-2251: A SQL injection in the do_mmod function of mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL via the selectedbids parameter. Affected software is Invision Community Blog (ICB). The vulnerabili...
invisionCBSQL.txt
Invision Community Blog .. Bugs SQL Injection :- Filename :- mod.php Function name :- dommod The $ids Unfilter Input By Intval As Array : So We Can Do SQL Injection -- Arabic: The variable $ids is not filtered through the intval function and it is in array form .. for this reason an injection is possible. php...
albinator <= 2.0.8 Remote File Inclusion Vuln and XSS
albinator <= 2.0.8 Remote File Inclusion Vuln and XSS Vuln. discovered by: VietMafia & r0t Pridels Sec Crew Date: 3 May 2006 vendor: http://www.albinator.com/ affected versions: 2.8 and prior original advisory: http://pridels.blogspot.com/2006/05/albinator-208-remote-file-inclusion.html Vuln...