7697 matches found
CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter...
CVE-2005-0217
CVE-2005-0217 affects Invision Community Blog (index.php) with the eid parameter vulnerable to SQL injection. Root cause: unsanitized input in a database query via eid. Impact: partial disclosure/integrity/availability per NVD metrics. Exploitation: remote attackers can execute arbitrary SQL comm...
sparkleBlog.txt
Various Vulnerabilities in SparkleBlog SparkleBlog is an open-source PHP script which allows you to input and edit your weblog entries, without having to go through the hassle of coding in HTML and uploading via FTP every time you want to make an update. A weblog aka blog is simply an online...
Invision Community Blog Module eid Parameter SQL Injection
The remote host appears to be running Invision Community Blog, a weblog utility. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands through the 'index.php' script, which may in turn be used to gain administrative access on the remote host.
Simple PHP Blog comments.php Traversal Arbitrary File Access
The remote version of Simple PHP Blog allows for retrieval of arbitrary files from the web server. These issues are due to a failure of the application to properly sanitize user-supplied input data.
invisionSQL.txt
Invision Community Blog is a powerful blogging system that will plug straight into your Invision Power Board. Allow your members to create their own individual blogs. Invision Community Blog is a comprehensive system with a very easy to use interface. Due to improper validation checks in the...
sphpBlog037.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Simple PHP Blog directory traversal vulnerability Vulnerability discovery: Madelman Date: 02/01/2005 Severity: Moderate Summary: - -------- I started this project because I wanted a dead-simple blog. Something that didn't require a database, us...
CVE-2004-1212
Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument...
Simple PHP Blog directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Simple PHP Blog directory traversal vulnerability Vulnerability discovery: Madelman madelman AT iname.com Date: 02/01/2005 Severity: Moderate Summary: - -------- I started this project because I wanted a dead-simple blog. Something that didn't...
[Full-Disclosure] Simple PHP Blog directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Simple PHP Blog directory traversal vulnerability Vulnerability discovery: Madelman madelman AT iname.com Date: 02/01/2005 Severity: Moderate Summary: - -------- I started this project because I wanted a dead-simple blog. Something that didn't...
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests...
CVE-2004-1212
The CVE-2004-1212 entry describes a directory traversal vulnerability in Blog Torrent Preview 0.8, specifically in btdownload.php. An attacker can use a .. sequence in the file parameter to download arbitrary files from the affected server. The issue is exploitable remotely (no authentication req...
ASP-Rider - SQL Injection
ASP-Rider - SQL Injection source: https://www.securityfocus.com/bid/11933/info A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker m...
Blog Torrent < 0.81 btdownload.php Multiple Vulnerabilities
There is a remote directory traversal vulnerability in Blog Torrent, a web-based application that allows users to host files for Bit Torrents. There is a cross-site scripting issue in the remote version of this software that may allow an attacker to set up attacks against third parties by using t...
Blog Torrent 0.80 - BTDownload.php Cross-Site Scripting
Blog Torrent 0.80 - BTDownload.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11839/info It is reported that Blog Torrent is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...
Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval
There is a remote directory traversal vulnerability in Blog Torrent, a web-based application that allows users to host files for Bit Torrents. A malicious user can leverage this issue by requesting files outside of the web server root directory with directory traversal strings such as '../'. This...
Blog Torrent 0.8 - Directory Traversal
source: https://www.securityfocus.com/bid/11795/info It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. Blog Torrent preview 0.8 version is affected by this...
Blog Torrent 0.8 - Directory Traversal
Blog Torrent 0.8 - Directory Traversal source: https://www.securityfocus.com/bid/11795/info It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input. Blog Torrent preview 0....
Blog Torrent preview 0.8 - arbitrary file download
Intro ----- Blogtorrent is a collection of PHP scripts which are designed to make it simple to host files for transfer via bittorrent. Whilst it is not normal to report security problems in "preview" releases of software this software was covered prominently upon Slashdot and could be widely used...