BlogEngine.NET 1.4 'search.aspx' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34227/info BlogEngine.NET is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site a...

BlogEngine.NET <= 2.8.0.0 Information Disclosure Vulnerability - Active Check

BlogEngine.NET is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-6953

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file...

Default credentials

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file...

BlogEngine.NET 'sioc.axd'信息泄露漏洞

BUGTRAQ ID: 64635 CVECAN ID: CVE-2013-6953 BlogEngine.NET是轻量级ASP.NET博客平台。 BlogEngine.NET 2.8.0.0及更早版本在实现上存在信息泄露漏洞，这可使未经身份验证的用户查看BlogEngine.net站点的用户名和哈希密码。 0 BlogEngine.NET BlogEngine.NET 2.0 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.dotnetblogengine.net/...

CVE-2013-6953

Summary of CVE-2013-6953 : BlogEngine.NET 2.8.0.0 and earlier contains an information disclosure vulnerability that allows a remote attacker to read usernames and password hashes by requesting the sioc.axd file. The issue is caused by access to sioc.axd revealing credential information. Public so...

CVE-2013-6953

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file...

BlogEngine.net information disclosure vulnerability

Overview BlogEngine.net 2.8.0.0 and earlier versions contain an information disclosure vulnerability which could allow an attacker to gain access to credentials. Description CWE-200: Information ExposureBlogEngine.net 2.8.0.0 and earlier contain an information disclosure vulnerability which could...

BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access

The web server hosts BlogEngine.NET, an open source .NET blogging project. An install of the software on the remote host allows unauthenticated access to the 'GetFile' function of the 'api/BlogImporter.asmx' script. An unauthenticated, remote attacker may be able to abuse this function to copy...

BlogEngine.NET 1.6 Multiple Vulnerabilities

Product: BlogEngine.NET Vendor informed: 24 Sep 2010 Fixed Version Released: 01 Jan 2011 Affected Versions: 1.6.x and prior versions Severtiy: Critical Impact: Information Discloure and System Compromise Description: BlogEngine.NET is an open source .NET blogging project that was born out of desi...

BlogEngine.NET 1.6 - Directory Traversal Information Disclosure

BlogEngine.NET 1.6 - Directory Traversal Information Disclosure source: https://www.securityfocus.com/bid/45681/info BlogEngine.NET is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied inpu...

BlogEngine.NET Unauthorized Access / Directory Traversal

Product: BlogEngine.NET Vendor informed: 24 Sep 2010 Fixed Version Released: 01 Jan 2011 Affected Versions: 1.6.x and prior versions Severtiy: Critical Impact: Information Discloure and System Compromise Description: BlogEngine.NET is an open source .NET blogging project that was born out of desi...

BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure

source: https://www.securityfocus.com/bid/45681/info BlogEngine.NET is prone to a directory-traversal vulnerability and an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting the issues may allow an attacker to obtain sensiti...

Cumulus Widget For BlogEngine.NET Cross Site Scripting

Hello Full-Disclosure! I want to warn you about security vulnerability in widget Cumulus for BlogEngine.NET. ----------------------------- Advisory: Vulnerability in widget Cumulus for BlogEngine.NET ----------------------------- URL: http://websecurity.com.ua/4184/ -----------------------------...

Vulnerability in widget Cumulus for BlogEngine.NET

Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting уязвимости в виджете Cumulus для BlogEngine.NET. Данная XSS уязвимость идентична XSS уязвимости в WP-Cumulus и других веб приложениях, о которых я уже сообщал, т.к. приложение использует tagcloud.swf созданный автором WP-Cumulus. Про миллион...

BlogEngine.NET 1.4 - search.aspx Cross-Site Scripting

BlogEngine.NET 1.4 - search.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/34227/info BlogEngine.NET is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

BlogEngine.NET 1.4 - &#039;search.aspx&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/34227/info BlogEngine.NET is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based...

CVE-2008-6476

Cross-site scripting XSS vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2008-6476

Cross-site scripting XSS vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter...