7697 matches found
CVE-2005-2229
Blog Torrent 0.92 and earlier stores sensitive files under the web document root (in the data or torrents directories) with insufficient access control, enabling remote attackers to obtain sensitive information such as account names and password hashes (e.g., via data/newusers). Affected software: ...
CVE-2005-2229
Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers...
CVE-2005-1946
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via (1) the eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action...
CVE-2005-1945
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data...
CVE-2005-1945
CVE-2005-1945 affects Invision Blog prior to 1.1.2 Final. The vulnerability resides in the convert_highlite_words function, allowing remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data (XSS). Impact is cross-site scripting with partial integrity impact as...
CVE-2005-1946
CVE-2005-1946 affects Invision Blog (Invision Community Blog). The issue is multiple SQL injection vulnerabilities in the application’s input handling, allowing remote attackers to inject arbitrary SQL via the parameters eid (in editentry, replyentry, or editcomment actions) or mid (in the aboutme acti...
Invision Community Blog Multiple Vulnerabilities (SQLi, XSS)
The remote host is running Invision Community Blog, a plugin for Invision Power Board that lets users have their own blogs. The version installed on the remote host fails to properly sanitize user-supplied data making it prone to multiple SQL injection and cross-site scripting vulnerabilities...
Invision Community Blog Vulnerabilities
GulfTech Security Research June 7th, 2005 Vendor : Invision Power Services URL : http://www.invisionblog.com Version : All Versions Prior To 1.1.2 Final Risk : Multiple Vulnerabilities Description: Invision Blog is a community based blogging software that can be integrated into Invision Power...
CVE-2004-2127
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable...
CVE-2004-2127
CVE-2004-2127 concerns a directory traversal in Web Blog 1.1 that allows remote attackers to read arbitrary files via a .. in the file variable. The affected component is the Web Blog 1.1 application; root cause is improper handling of the file parameter enabling traversal to parent directories. ...
WordPress Detection
The remote host is running WordPress, a free blog application written in PHP with a MySQL back-end. TRUSTED...
CVE-2004-1865
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through...
bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
The remote host is running bBlog, an open source blog software application. According to its banner, the remote version of this software suffers from several vulnerabilities: - A SQL Injection Vulnerability It is reportedly possible to inject SQL statements through the 'postid' parameter of the...
CVE-2005-0853
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions...
CVE-2005-1169
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...
CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter...
CVE-2005-1135
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2005-0802
Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter...