ar-blogv5.2.txt
Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=XSS&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=XSS&all=9 Example : 1-...
CVE-2006-0361
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an tag in the comment parameter, which strips most tags but not...
CVE-2006-0361
The CVE-2006-0361 entry concerns Bit 5 Blog 8.01. The vulnerability is a cross-site scripting (XSS) flaw in addcomment.php, where an attacker can inject arbitrary script/HTML by supplying a javascript URI within an tag in the comment parameter. The filter reportedly strips most tags but not , en...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php...
CVE-2006-0333
Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php...
simpleBlogXSS.txt
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Risk: High - Note from the author Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use...
EV0032.txt
New eVuln Advisory: Bit 5 Blog JavaScript Insertion Vulnerability http://evuln.com/vulns/32/summary/bt/ --------------------Summary---------------- Software: Bit 5 Blog Software's Web Site: http://bit5blog.sourceforge.net/ Versions: 8.01 Critical Level: Harmless Type: Cross-Site Scripting Class:...
CVE-2006-0333
CVE-2006-0333: An XSS vulnerability in ar-blog 5.2 affects index.php, exploitable via the month or year parameters. Related entry CVE-2006-2809 expands the risk to additional parameters (count, next, Year_the_news, mo); note that the month/year vectors are already covered by CVE-2006-0333. No exp...
EV0031.txt
New eVuln Advisory: Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability http://evuln.com/vulns/31/summary/bt/ --------------------Summary---------------- Software: Bit 5 Blog Software's Web Site: http://bit5blog.sourceforge.net/ Versions: 8.01 Critical Level: Moderate Type: SQL Injecti...
-2- [XSS] in ar-blog v 5.2
Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=XSS&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=XSS&all=9 Example : 1-...
CVE-2006-0320
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter...
Authentication flaw
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1...
Sql injection
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter...
CVE-2006-0320
CVE-2006-0320 affects Bit 5 Blog 8.01, with vulnerability in admin/processlogin.php that allows an attacker to bypass authentication and execute arbitrary SQL via the (1) username and (2) password parameters. The provided connected documents confirm the affected file and the SQL injection mechani...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts...
Sql injection
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts...
CVE-2006-0239
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts...