7697 matches found
CVE-2005-2787
commentdeletecgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter...
XSS in GreyMatter blog
Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyze posting comments and if post contain some dangerous code like <script></script>, administrator get message about it in log files. Log files contain not only message, but dangerous code. When admin try to look log...
greymatterXSS.txt
Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyze posting comments and if post contain some dangerous code like <script></script>, administrator get message about it in log files. Log files contain not only message, but dangerous code. When admin try to look log files Admin...
multiVulns.txt
Multi-CMS/Forum Vulnerabilities Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnerabilities have been found by.. us : ------------------ First; e107 xss--- ------------------ link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;'...
CVE-2005-2733
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code...
CVE-2005-2733
The CVE-2005-2733 issue affects Simple PHP Blog (SPHPBlog) where upload_img_cgi.php does not properly restrict uploaded file extensions, enabling remote code execution. The vulnerability is documented in NVD with a base score of 7.5 (HIGH) and is evidenced by the SPHPBlog file-upload weakness des...
Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities
XOR Crew :: Security Advisory 8/25/2005 - Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities...
Simple PHP Blog (SPHPBlog) <= 0.4.0 Multiple Vulnerabilities
Binary data 3184.prm...
[SA16598] Simple PHP Blog Image File Upload Vulnerability
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests...
CVE-2004-2347
The CVE-2004-2347 entry applies to Leif M. Wright Web Blog (blog.cgi) versions 1.1 and 1.1.5. The vulnerability arises in the ViewFile request’s file parameter, where shell metacharacters (e.g., |) enable remote command execution. Impact is remote arbitrary commands executed with the web server u...
rsaXSS.txt
RSA XSS Vulnerabilities Author: Rodrigo Gutierrez Affected: RSA "Speaking of Security" Blog Status: Notified Hereby Vendor url: http://www.rsasecurity.com Background. RSA secures more than 15 million user identities, safeguards trillions of business transactions annually and manages the...
[UNIX] Blog Torrent Remote User and Password Disclosure
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
pluggedBlog.txt
Plugged-Blog XSS and SQL-Injection flaw & Remove Admin vendor url: http://www.pluggedout.com advisory: http://falcondeoro.blogspot.com/2005/07/plugged-blog-xss-and-sql-injection.html vendor notify: yes exploit available: yes Plugged-Blog is a CMS WebBlog-Portal content management system, theinsta...
CVE-2005-2416
Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module...
Contrexx 1.0.4 - Multiple Input Validation Vulnerabilities
Contrexx 1.0.4 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/14352/info Contrexx is affected by multiple input validation vulnerabilities. These issues can allow an attacker to carry out HTML injection, SQL injection and information disclosure attacks...
Hardened-PHP Project Security Advisory 2005-11.59
Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in Contrexx Release Date: 2005/07/21 Last Modified: 2005/07/18 Author: Christopher Kunz Application: Contrexx 1.0.5 Severity: Cross-Site Scripting, SQL injection and information disclosure, passwo...
CVE-2005-2229
Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers...