Unrestricted file upload
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in...
CVE-2010-0757
Unrestricted file upload vulnerability in index.php/Attach in WikyBlog 1.7.3rc2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension using the uploadform action, then accessing it via a direct request to the file in...
CVE-2010-0756
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main...
CVE-2010-0755
The CVE-2010-0755 entry involves WikyBlog 1.7.3 rc2, where a PHP remote file inclusion vulnerability exists in include/WBmap.php. The underlying issue allows an attacker to supply a URL via the langFile parameter to trigger execution of arbitrary PHP code on the affected server. The description s...
CVE-2010-0757
WikyBlog 1.7.3rc2 is affected by an unrestricted file upload vulnerability in index.php/Attach. An authenticated user can upload a file with an executable extension via the uploadform action and then access it directly in userfiles/[username]/uploaded/ to execute arbitrary code. The root cause is...
CVE-2010-0756
WikyBlog 1.7.3 rc2 is affected by a session-fixation vulnerability where an attacker can hijack user sessions by setting the jsessionid to specific URLs (index.php/Comment/Main, index.php/Comment/Main/Home_Wiky, or index.php/Edit/Main). This CVE (CVE-2010-0756) is documented across NVD and CVE re...
CVE-2010-0754
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action...
CVE-2010-0754
WikyBlog is affected by CVE-2010-0754, a cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates. Versions 1.7.2 and 1.7.3 rc2 are vulnerable; the flaw allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action. OpenVAS entries cor...
CVE-2010-0755
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter...
WikyBlog 1.7.3rc2 XSS / Shell Upload / RFI
======================================================================================== | Title : WikyBlog-1.7.3rc2 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com | Web Site : http://www.wikyblog.com/ | Dork : Powered by WikyBlog | Tested on:...
WikyBlog Multiple Remote Input Validation Vulnerabilities
WikyBlog is prone to multiple vulnerabilities, including an arbitrary-file-upload issue, a cross-site scripting issue, a remote file-include issue and a session-fixation issue. Attackers can exploit these issues to: - execute arbitrary script code in the browser of an unsuspecting user in the...
WikyBlog <= 1.7.3rc2 Multiple Vulnerabilities
WikyBlog is prone to multiple vulnerabilities, including an arbitrary file upload issue, a cross-site scripting (XSS) issue, a remote file include issue and a session-fixation issue. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and a...
WikyBlog 1.7.3rc2 - Multiple Vulnerabilities
======================================================================================== | Title : WikyBlog-1.7.3rc2 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com | Web Site : http://www.wikyblog.com/ | Dork : Powered by WikyBlog | Tested on:...
CVE-2008-6097
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to...
CVE-2008-6097
WikyBlog vulnerability CVE-2008-6097 affects versions before 1.7.1. It exposes multiple XSS vectors via (1) key in index.php/Special/Main/keywordSearch, (2) revNum in index.php/Edit/Main/Home, (3) a parameter in index.php/Special/Main/WhatLinksHere, (4) user in index.php/Special/Main/UserEdits, a...
CVE-2008-6097
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to...
WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/31525/info WikyBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities
WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31525/info WikyBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Cross site scripting
Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element...