7697 matches found
CVE-2005-4054
CVE-2005-4054 describes a SQL injection vulnerability in index.php of PluggedOut Blog 1.9.5 and earlier. The issue allows remote attackers to inject arbitrary SQL commands through the parameters (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day. The connected documents confirm the aff...
PluggedOut Blog SQL vuln.
PluggedOut Blog SQL vuln. Vuln. discovered by : r0t Date: 5 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html vendor:www.pluggedout.com/index.php?pk=devblog affected version:1.9.4 , 1.9.5 and prior Product Description: Blog is an open source script you ca...
phpBB Blog 2.2.2 SQL inj. vuln.
phpBB Blog 2.2.2 SQL inj. vuln. Vuln. discovered by : r0t Date: 5 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html vendor:http://www.outshine.com/phpbbblog/ affected version:2.2.2 and prior Product Description: This is a blog system for phpBB. It...
PluggedOut Blog 1.9.x - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/15746/info PluggedOut Blog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...
PluggedOut Blog 1.9.x - index.php Multiple SQL Injections
PluggedOut Blog 1.9.x - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/15746/info PluggedOut Blog is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQ...
Blog System v1.2 Multiple SQL Injection Vulnerabilities
Blog System v1.2 http://www.netartmedia.net/blogsystem/ is vulnerable to 2 SQL injection vulnerabilities for failure to correctly sanitize SQL parameters. http://HOST/index.php?mode=home&cat=-99SQL CODE http://HOST/blog.php?user=USER&note=-99SQL CODE...
Blog System v1.2 SQL inj. vuln.
Blog System v1.2 SQL inj. vuln. Vuln. discovered by : r0t Date: 5 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...
CVE-2005-3941
Orca Blog 1.3b and earlier is vulnerable to an SQL injection in blog.php, exploitable via the msg parameter to execute arbitrary SQL. Affected: Orca Blog (1.3b and earlier). Root cause: improper handling of user input in msg. Impact: partial confidentiality/integrity/availability per CVSS, base s...
CVE-2005-3941
SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter...
Orca Blog 1.3 - blog.php SQL Injection
Orca Blog 1.3 - blog.php SQL Injection source: https://www.securityfocus.com/bid/15638/info Orca Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation cou...
88Script's Event Calendar v2.0 SQL inj. vuln.
88Script's Event Calendar v2.0 SQL inj. vuln. Vuln. discovered by : r0t Date: 29 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/88scripts-event-calendar-v20-sql-inj.html Vendor:http://www.88scripts.com/ affected version: v2.0 and prior Product Description: A simple yet elegant even...
Orca Blog SQL inj. vuln.
Orca Blog SQL inj. vuln. Vuln. discovered by : r0t Date: 29 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/orca-blog-sql-inj-vuln.html Vendor:http://www.greywyvern.com/orcablog affected version:1.3b and prior Product Description: The Orca Blog is a free and simple blogging system...
Orca Blog 1.3 - 'blog.php' SQL Injection
source: https://www.securityfocus.com/bid/15638/info Orca Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
AllWeb search SQL inj. vuln.
AllWeb search SQL inj. vuln. Vuln. discovered by : r0t Date: 28 nov. 2005 original advisory:http://pridels.blogspot.com/2005/11/allweb-search-sql-inj-vuln.html Vendor:http://www.scripts-templates.com affected version: 3.0 and prior Product Description: Want to make money from your site traffic?...
DRZES HMS 3.2 Multiple vuln.
DRZES HMS 3.2 - Hosting Management System -multiple SQL inj. vuln. and XSS vuln. Vuln. discovered by : r0t Date: 25 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html Vendor:http://drzes.com/ affected version:3.2 and prior Product description: Increase...
CVE-2005-3495
Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies...
CVE-2005-3494
Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...
[Full-disclosure] Buggy blogging
Portcullis Security Advisory Tim Brown [email protected] - www.portcullis-security.com [email protected] - www.nth-dimension.org.uk Vulnerable System: Movable Type Vulnerability Title: Username and password hash for administration interface stored in cookie. Vulnerability...