7697 matches found
CVE-2005-1137
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message...
CVE-2005-0214
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter...
CVE-2005-1288
inc_login_check.asp in ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie...
CVE-2005-0854
betaparticle blog (bp blog), possibly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp...
CVE-2005-0945
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags...
CVE-2005-1288
The vulnerability CVE-2005-1288 affects ACS Blog 0.8 through 1.1.3, where attackers can gain administrator privileges by manipulating the value of the in cookie. Affected component: login/authentication flow (inc_login_check.asp). Root cause: insecure cookie handling that allows privilege escalat...
CVE-2005-1288
inc_login_check.asp in ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie...
CVE-2005-1169
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...
CVE-2005-1169
CVE-2005-1169 affects the Mafia Blog .4 BETA package, where the admin directory is not properly protected. This allows remote attackers to execute arbitrary PHP code by abusing writeinfo.php to inject code into info.php. The flaw enables arbitrary code execution with no authentication required an...
CVE-2005-1137
Vulnerability CVE-2005-1137 affects Simple PHP Blog (sphpBlog) 0.4.0. The issue arises when an attacker directly requests sb_functions.php and triggers a PHP error message that leaks the full filesystem pathname, exposing sensitive information. This is a server-side information disclosure vulnera...
CVE-2005-1137
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message...
CVE-2005-1135
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
Mafia Blog
Mafia Blog Version: .4 BETA Vendor: http://chrisnowak.org/projects/mafia/ Author: Chris Nowak Let's go... There's no check on admin folder so, anyone could get admin access just accessing admin folder. As admin we can edit comments, upload images, Edit info about pictures and edit info about the...
Serendipity Detection
Serendipity, a PHP-based blog application, is running on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(18054); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01"); script_name(english:"Serendipity Detection");...
CVE-2005-1136
Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files...
sphpblog search.php q Parameter XSS
Due to a lack of input validation, the remote version of Simple PHP Blog can be used to perform a cross-site scripting attack by injecting arbitrary script code to the 'q' parameter of the search.php script. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('compat.inc'); if...
serendipity SQL Injection vulnerability
ADZ Security Team =================== Info Program: serendipity web blog system Version: 0.8beta4 Module: exit.php Bug type: SQL Injection Vendor site: http://www.s9y.org/ Vendor Informed: Yes =================== Bug Info // code start //....... $links = serendipity_db_query("SELECT link FROM...
CVE-2005-0945
CVE-2005-0945 describes a stored/reflected Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1, where remote attackers can inject arbitrary script via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. The NVD entry lists a base score of 4.3 (Medium) with network attack v...
CVE-2005-0945
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags...
Multiple XSS vulnerabilities in ACS Blog
These vulnerabilities have been tested on the latest version of ACS Blog (v1.1.1). In the comments section of ACS Blog, it is possible to execute an XSS attack through the link, mail, and img tags, due to lack of filtering of single quotes and spaces inside the tags. Examples/PoCs:...