Directory traversal
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences in...
CVE-2006-1243
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences in...
CVE-2006-1243
CVE-2006-1243 affects Simple PHP Blog (SPB) up to version 0.4.7.1, via install05.php. The vulnerability is a local file inclusion triggered by improper handling of the blog_language parameter, allowing directory traversal and a NUL character to force inclusion of arbitrary local files (demonstrat...
Simple PHP Blog install05.php blog_language Parameter Local File Inclusion
The version of Simple PHP Blog installed on the remote host fails to sanitize input to the 'blog_language' parameter of the 'install05.php' script before using it in a PHP 'require_once' function. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute...
Simple PHP Blog < 0.4.7.2 install05.php Local File Inclusion
Binary data 3476.prm...
Simple PHP Blog 0.4.7.1 - Remote Command Execution
Simple PHP Blog 0.4.7.1 - Remote Command Execution #!/usr/bin/perl use IO::Socket; print "Simple PHP Blog this works with magic_quotes_gpc = Off\r\n\r\n"; short explanation: we have this code in install05.php: ... script is not deleted after installation, so, if magic_quotes_gpc = Off, you can includ...
Simple PHP Blog <= 0.4.7.1 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =========================================================== Simple PHP Blog this works with magic_quotes_gpc = Off\r\n\r\n"; short explanation: we have this code in install05.php: ... script is not deleted after installation, so, if...
Simple PHP Blog 0.4.7.1 - Remote Command Execution
#!/usr/bin/perl use IO::Socket; print "Simple PHP Blog this works with magic_quotes_gpc = Off\r\n\r\n"; short explanation: we have this code in install05.php: ... script is not deleted after installation, so, if magic_quotes_gpc = Off, you can include an arbitrary file from local resources, poc:...
CVE-2006-1143
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment...
CVE-2006-1143
CVE-2006-1143 describes a cross-site scripting vulnerability in FTPoed Blog Engine 1.1. The flaw allows remote attackers to inject arbitrary script or HTML via the comment_body parameter used when posting comments. The affected component is the blog engine’s comment handling; root cause is unvali...
sBlog_0.72_xss.txt
sBlog 0.7.2 == Multiple Cross-Site Scripting Vulnerability =================================== Information of Software: Software: sBlog 0.7.2 Site: http://servous.se/ Description: sBlog is a simple and new PHP Blog. Is very very simple and it's use by newbie of PHP...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post...
CVE-2006-1072
Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post...
PT-2006-2100 · Daverave · Daverave Simplog
Name of the Vulnerable Software and Affected Versions: Daverave Simplog versions 1.0.2 and earlier Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a blog post. This could potentially lead to unauthorized actions on the affected...
EV0082.txt
New eVuln Advisory: Leif M. Wright's Blog Multiple Vulnerabilities http://evuln.com/vulns/82/summary.html --------------------Summary---------------- eVuln ID: EV0082 CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006 Software: Leif M. Wright's Blog Software's Web Site:...
[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities
New eVuln Advisory: Leif M. Wright's Blog Multiple Vulnerabilities http://evuln.com/vulns/82/summary.html --------------------Summary---------------- eVuln ID: EV0082 CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006 Software: Leif M. Wright's Blog Software's Web Site:...
Authentication flaw
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie...