7697 matches found
CVE-2006-0239
CVE-2006-0239 describes multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1. An attacker can inject arbitrary script/HTML via (1) a comment to comments.asp and (2) possibly other fields in unspecified scripts. The accessible impact is partial confidentiality and integrity (per ...
CVE-2006-0240
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts...
CVE-2006-0240
CVE-2006-0240 involves multiple SQL injection vulnerabilities in Simple Blog 2.1. The flaws allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly other parameters in unspecified scripts. The primary sources consistently descri...
[eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability
New eVuln Advisory: Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability http://evuln.com/vulns/31/summary/bt/ --------------------Summary---------------- Software: Bit 5 Blog Software's Web Site: http://bit5blog.sourceforge.net/ Versions: 8.01 Critical Level: Moderate Type: SQL Injecti...
[eVuln] Bit 5 Blog JavaScript Insertion Vulnerability
New eVuln Advisory: Bit 5 Blog JavaScript Insertion Vulnerability http://evuln.com/vulns/32/summary/bt/ --------------------Summary---------------- Software: Bit 5 Blog Software's Web Site: http://bit5blog.sourceforge.net/ Versions: 8.01 Critical Level: Harmless Type: Cross-Site Scripting Class:...
[SA18464] Bit 5 Blog Script Insertion and SQL Injection Vulnerabilities
TITLE: Bit 5 Blog Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18464 VERIFY ADVISORY: http://secunia.com/advisories/18464/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Bit 5 Blog 8.x...
Bit 5 Blog 8.1 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/16244/info Bit 5 Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
Bit 5 Blog 8.1 - index.php SQL Injection
Bit 5 Blog 8.1 - index.php SQL Injection source: https://www.securityfocus.com/bid/16244/info Bit 5 Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
CVE-2005-4690
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types such as HTML and image files by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to...
Split the mailbox in the Annex of the alternative breakthrough of-vulnerability warning-the black bar safety net
Just buy it to hack line of Defense 1 2 period, above a post titled the mailbox in the Annex of the alternative breakthrough of the articles, lake2 beg to differ, proposed to questionable. Oh to In the text the author says the e-mail attachments to exchange the data stream in the form of drawings...
CVE-2005-4346
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...
CVE-2005-4346
phpBB Blog 2.2.2 and earlier: A function in blog.php causes an invalid SQL query when the permalink parameter to index.php is cleansed to empty (non-digit chars stripped), leading to a SQL syntax error that leaks the full application pathname. This is not a true SQL injection in practice, but the...
simplebbs exploit-vulnerability warning-the black bar safety net
Go from: blog.56bug.org See the article, see do not understand to the authors the following animation Today show you simplebbs exploit to get shell method,and vulnerabilities related to the use of tools Looking for target:google inside search Powered by SimpleBBS you will find many This forum can...
blog12SQL.txt
Blog System v1.2 http://www.netartmedia.net/blogsystem/ is vulnerable to 2 SQL injection vulnerabilities for failure to correctly sanitize SQL parameters. http://HOST/index.php?mode=home&cat=-99SQL CODE http://HOST/blog.php?user=USER&note=-99SQL CODE...
CVE-2005-4054
SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter...
CVE-2005-4049
Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php...
CVE-2005-4049
Blog System 1.2 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands through (1) the cat parameter in index.php and (2) the note parameter in blog.php. The CVE entry reports these flaws and the NVD assessment indicates a high impact with ne...