Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the 1 Referer and 2 User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly usin...

Improper access control

Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...

CVE-2006-0843

Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...

CVE-2006-0846

Multiple cross-site scripting XSS vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the 1 Referer and 2 User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly usin...

CVE-2006-0846

CVE-2006-0846 affects Leif M. Wright’s Blog 3.5. Multiple XSS vulnerabilities allow remote attackers to inject arbitrary scripts via the Referer and User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the Log page (ViewCommentsLog). Root cause: l...

CVE-2006-0843

CVE-2006-0843 affects Leif M. Wright's Blog 3.5. The vulnerability arises from storing the config file and other text files under the web root with insufficient access control, allowing remote attackers to read the administrator’s password. This is a remote access issue tied to web-root plaintext...

CVE-2006-0845

CVE-2006-0845 affects Leif M. Wright's Blog 3.5. The vulnerability arises when an administrator can configure the sendmail path to a malicious pathname, allowing remote authenticated users with admin privileges to execute arbitrary shell commands. The EVULN/SECURITYVULNS records indicate a shell ...

CVE-2006-0843

Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...

CVE-2006-0844

Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie...

CVE-2006-0844

Leif M. Wright's Blog 3.5 is affected by an authentication bypass through cookie handling. The vulnerability arises because the blog.cgi script does not perform a password comparison when identifying an administrator via the blogAdmin cookie, enabling remote attackers to bypass login authenticati...

CVE-2006-0845

Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname...

[SA18923] Leif M. Wright's Blog Multiple Vulnerabilities

TITLE: Leif M. Wright's Blog Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18923 VERIFY ADVISORY: http://secunia.com/advisories/18923/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Leif M...

EV0079.txt

New eVuln Advisory: My Blog BBCode XSS Vulnerabilities http://evuln.com/vulns/79/summary.html --------------------Summary---------------- eVuln ID: EV0079 Software: My Blog Sowtware's Web Site: http://fuzzymonkey.net/cgi-bin/download.cgi?file=blog Versions: My Blog 1.63 Critical Level: Harmless...

[eVuln] Scriptme products BBCode 'url' XSS Vulnerability

New eVuln Advisory: Scriptme products BBCode 'url' XSS Vulnerability http://evuln.com/vulns/65/summary.html --------------------Summary---------------- eVuln ID: EV0065 CVE: CVE-2006-0661 Vendor: Scriptme Vendor's Web Site: http://www.scriptme.com/ Software: "SmE GB Host" "SmE Blog Host" Versions...

CVE-2006-0735

Cross-site scripting XSS vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an 1 img or 2 url BBcode tag...

Cross site scripting

Cross-site scripting XSS vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an 1 img or 2 url BBcode tag...

[eVuln] My Blog BBCode XSS Vulnerabilities

New eVuln Advisory: My Blog BBCode XSS Vulnerabilities http://evuln.com/vulns/79/summary.html --------------------Summary---------------- eVuln ID: EV0079 Software: My Blog Sowtware's Web Site: http://fuzzymonkey.net/cgi-bin/download.cgi?file=blog Versions: My Blog 1.63 Critical Level: Harmless...

CVE-2006-0661

Cross-site scripting XSS vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag...

Cross site scripting

Cross-site scripting XSS vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag...

CVE-2006-0661

Cross-site scripting XSS vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag...