CVE-2007-2781

Cross-site scripting XSS vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element...

CVE-2007-2781

CVE-2007-2781 affects WikyBlog prior to 1.4.13, caused by an XSS flaw in include/sessionRegister.php. The vulnerability likely arises from a data2 array element, enabling remote attackers to inject arbitrary web script or HTML. Impact is partial confidentiality/integrity/availability due to scrip...

CVE-2007-2781

Cross-site scripting XSS vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element...

wikyblog-rfi.txt

WikyBlog-1.4.12index.php Remote File Include Vulnerability Found by : nkillers nkillersathotmail.com Download http://jaist.dl.sourceforge.net/sourceforge/wikyblog/WikyBlog-1.4.12.zip File: ./index.php requireonce$includeDir.'/wiki2.php'; requireonce$includeDir.'/wiki3.php'; Exploit...

CVE-2006-6466

Multiple cross-site scripting XSS vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 key, 2 d, 3 l, or 4 v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third par...

CVE-2006-6465

Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctypealpha before use...

CVE-2006-6465

WikyBlog v1.3.2 and earlier exposes a directory traversal risk in WBmap.php via the l parameter. The vulnerability is described as allowing remote inclusion/execution of local files, with the note that the l parameter is validated by ctype_alpha before use, which CVE disputes. Affected software i...

CVE-2006-6465

Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctypealpha before use...

CVE-2006-6466

CVE-2006-6466 affects WikyBlog 1.3.2 and earlier, due to cross-site scripting in WBmap.php allowing remote injection of arbitrary script/HTML via the (1) key, (2) d, (3) l, or (4) v parameters. The l vector is disputed since it is validated by ctype_alpha before use. This entry’s exploitation sta...

PT-2006-7074 · Wikyblog · Wikyblog

Name of the Vulnerable Software and Affected Versions: WikyBlog versions 1.3.2 and earlier Description: A directory traversal issue in WBmap.php allows remote attackers to include and execute arbitrary local files. This is achieved by using directory traversal sequences in the l parameter. Howeve...

WikyBlog Local File Inclusion Exploit

No description provided by source. r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com WikyBlog Local File Inclusion Exploit Software: WikyBlog 1.3 Vendor: http://www.wikyblog.com/ Released: 2006/12/01 Discovered & Exploit By:...

WikyBlog 1.3.2 (include/WBmap.php) Local File Inclusion Exploit

No description provided by source. r0ut3r Presents... Another r0ut3r discovery! writ3r at gmail.com WikyBlog Local File Inclusion Exploit Software: WikyBlog 1.3 Vendor: http://www.wikyblog.com/ Released: 2006/12/01 Discovered & Exploit By:...

wikyblog.txt

============================================================================================== WikyBlog = v1.4 WNBASEDIR Remote File Inclusion Exploit =============================================================================================== Bug in :index.php Vlu Code :...

CVE-2006-5193

PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter...

CVE-2006-5193

The CVE-2006-5193 entry concerns a PHP remote file inclusion in WikyBlog (Josh Schmidt) 1.2.3 and earlier, exploitable via a URL in the includeDir parameter to execute PHP code on the server. This is described in vendor/problem records and NVD references. The provided documents do not include spe...

CVE-2006-5193

PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter...

WikyBlog 1.2.x - index.php Remote File Inclusion

WikyBlog 1.2.x - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/20350/info WikyBlog is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application an...

WikyBlog 1.2.x - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/20350/info WikyBlog is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...

WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

============================================================================================== WikyBlog = v1.4 WNBASEDIR Remote File Inclusion Exploit =============================================================================================== Bug in :index.php Vlu Code :...