7697 matches found
ACSblog111.txt
These vulnerabilities have been tested on the latest version of ACS Blog (v1.1.1). In the comments section of ACS Blog, it is possible to execute an XSS attack through the link, mail, and img tags, due to lack of filtering of single quotes and spaces inside the tags. Examples/PoCs:...
ACS Blog 0.8/0.9/1.0/1.1 - Name HTML Injection
ACS Blog 0.8/0.9/1.0/1.1 - Name HTML Injection source: https://www.securityfocus.com/bid/12921/info ACS Blog is affected by an HTML injection vulnerability. The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user view...
ACS Blog 0.8/0.9/1.0/1.1 - 'Name' HTML Injection
source: https://www.securityfocus.com/bid/12921/info ACS Blog is affected by an HTML injection vulnerability. The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page. Name:...
CVE-2005-0853
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions...
CVE-2005-0853
The CVE-2005-0853 entry concerns betaparticle blog (bp blog) where the database files are stored under the web root, enabling direct access to sensitive data via HTTP requests. Affected files are (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later, with vector 2 a...
CVE-2005-0854
betaparticle blog (bp blog), possibly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp...
EUVD-2005-0854
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions...
CVE-2005-0854
The CVE-2005-0854 entry concerns betaparticle blog (bp blog) prior to version 4. It reports an authentication bypass that enables remote attackers to perform file operations via direct requests to upload.asp or myFiles.asp (upload and delete respectively). The vulnerability allows unauthorized ac...
[SA14668] betaparticle blog Exposure of Sensitive Information and Security Bypass
TITLE: betaparticle blog Exposure of Sensitive Information an...
BetaParticle blog 2.0/3.0 - dbBlogMX.mdb Direct Request Database Disclosure
BetaParticle blog 2.0/3.0 - dbBlogMX.mdb Direct Request Database Disclosure source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficientl...
BetaParticle blog 2.0/3.0 - dbBlogMX.mdb Direct Request Database Disclosure
source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...
BetaParticle blog 2.0/3.0 - upload.asp Arbitrary File Upload
BetaParticle blog 2.0/3.0 - upload.asp Arbitrary File Upload source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the...
BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation
source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...
BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload
source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...
BetaParticle blog 2.0/3.0 - myFiles.asp File Manipulation
BetaParticle blog 2.0/3.0 - myFiles.asp File Manipulation source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the...
CVE-2005-0802
CVE-2005-0802 concerns a cross-site scripting (XSS) vulnerability in the search.asp handler of ACS Blog versions 0.8 through 1.1b. The issue allows remote attackers to inject and execute arbitrary web script or HTML via the search parameter, potentially impacting users viewing search results. The...
XSS in ACS blog
XSS vulnerability exists in the ACS blog ASP WEBLOG SYSTEM. Vulnerable: ACS Blog v 0.8 ACS Blog v 0.9 ACS Blog v 1.0 ACS Blog v 1.1b Code: /search.asp?search=223Cbr3E3Ciframe+src3D22http3A2F2Fgoogle.com223E3C2Fiframe3E or goto /search.asp and copy this code: "briframe...
ACS Blog 0.8/0.9/1.0/1.1 - search.asp Cross-Site Scripting
ACS Blog 0.8/0.9/1.0/1.1 - search.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/12836/info ACS Blog is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverag...
ACS Blog 0.8/0.9/1.0/1.1 - 'search.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/12836/info ACS Blog is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...
CVE-2005-0214
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter...