7697 matches found
CVE-2005-3495
CVE-2005-3495 affects Ar-blog (versions 5.2 and earlier). The vulnerability allows remote attackers to bypass authentication by manipulating cookies, indicating a flaw in how session/authentication state is enforced. The available documents confirm the vulnerability pattern (cookie-based auth byp...
CVE-2005-3494
Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...
CVE-2005-3494
CVE-2005-3494 describes a cross-site scripting (XSS) flaw in Ar-blog versions 5.2 and earlier. The vulnerability allows a remote attacker to inject arbitrary web script or HTML through a blog comment, potentially compromising user sessions or displaying malicious content. The connected documents ...
CVE-2005-3473
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blogsubject, and (3) blogtext parameters (involving the tempsubject variable) in (a) previewcgi.php and (b) preview_static_cgi.php, or (4)...
CVE-2005-3473
The CVE-2005-3473 entry describes multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog
Simple PHP Blog <= 0.4.5 SQL Injection
Binary data 3278.prm...
TUVSA-0511-001.txt
=========================================================== Simple PHP Blog: Multiple XSS Vulnerabilities =========================================================== Technical University of Vienna Security Advisory TUVSA-0511-001, November 2, 2005...
Simple PHP Blog: Multiple XSS Vulnerabilities
=========================================================== Simple PHP Blog: Multiple XSS Vulnerabilities =========================================================== Technical University of Vienna Security Advisory TUVSA-0511-001, November 2, 2005...
Simple PHP Blog dir traversal
The remote host runs Simple PHP Blog, an open source blog written in PHP, which allows for retrieval of arbitrary files from the web server. These issues are due to a failure of the application to properly sanitize user-supplied input data. SPDX-FileCopyrightText: 2005 David Maciejak Some text...
Simple PHP Blog 0.4 - preview_static_cgi.php Multiple Cross-Site Scripting Vulnerabilities
Simple PHP Blog 0.4 - preview_static_cgi.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize...
Simple PHP Blog 0.4 - 'preview_static_cgi.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed i...
Simple PHP Blog 0.4 - 'colors.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed i...
[SA17307] ar-blog Script Insertion and Authentication Bypass Vulnerabilities
TITLE: ar-blog Script Insertion and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA17307 VERIFY ADVISORY: http://secunia.com/advisories/17307/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: ar-blog 5.x...
Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable)
zomplog is prone to xss injection attacks. It is possible for a malicious zomplog user to inject hostile xss and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of zomplog. zomplog does not adequately filter xss tags...
[Full-disclosure] Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions
---------- Forwarded message ---------- From: M.o.H.a.J.a.L.i [email protected] Date: Oct 25, 2005 12:52 AM Subject: Vulnerability in Ar-blog ver 5.2 and prior versions To: [email protected] Vulnerability in Ar-blog ver 5.2 and prior Software: Ar-blog Vulnerable versions: = 5.2 Type:...
Want to learn real hacking techniques? Come in and see-vulnerability warning-the black bar safety net
SkyPerson Although I am a Diamondback bird! But still to advise to want to learn network technology people 1, Do not research QQ, after all, QQ is not the technology, stolen a few number? The program is not write yourself, there is nothing to be proud of. 2, Do not study how to crack the cafe,...
AlstraSoft E-Friends Remote Command Exucetion
AlstraSoft E-Friends Remote command exucetion Site : http://www.alstrasoft.com/efriends.htm Description : AlstraSoft E-Friends is an online social networking software that allows you to start your own site just like Friendster and Tribe.net. The E-Friends software allows members to connect to...
efriends.txt
AlstraSoft E-Friends Remote command exucetion Site : http://www.alstrasoft.com/efriends.htm Description : AlstraSoft E-Friends is an online social networking software that allows you to start your own site just like Friendster and Tribe.net. The E-Friends software allows members to connect to...
CVE-2005-2787
comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter...
CVE-2005-2787
CVE-2005-2787 concerns the Simple PHP Blog application. The description indicates that the script comment_delete_cgi.php is vulnerable: remote attackers can delete arbitrary files via the comment parameter. This flaw is the core of the vulnerability, arising from improper handling of input i...