15 matches found
EUVD-2008-0687
Malware in sbrugna...
EUVD-2006-5120
Malware in sbrugna...
EUVD-2008-0686
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter...
CVE-2008-0677
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action...
Sql injection
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action...
CVE-2008-0676
Cross-site scripting XSS vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter...
CVE-2008-0676
Cross-site scripting XSS vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter...
CVE-2008-0676
CVE-2008-0676 describes a Cross-site Scripting (XSS) vulnerability in the search.php component of A-Blog 2. The flaw allows remote attackers to inject arbitrary web script or HTML via the words parameter, enabling potential credential theft or session manipulation through crafted search queries. ...
CVE-2008-0677
CVE-2008-0677 concerns an SQL injection in blog.php of A-Blog 2, triggered via the id parameter in a news action. The underlying issue is improper input handling in a PHP-based blog component, allowing an attacker to craft the id value to modify the SQL query executed by the application. Impact, ...
CVE-2006-5135
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 openbox, 2 middlebox, and 3 closebox parameters in a sources/myaccount.php; the 4 navigationend parameter in b navigation/search.php and c navigation/donation.php...
CVE-2006-5135
Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 openbox, 2 middlebox, and 3 closebox parameters in a sources/myaccount.php; the 4 navigationend parameter in b navigation/search.php and c navigation/donation.php...
CVE-2006-5135
CVE-2006-5135 describes multiple PHP remote file inclusion vulnerabilities in A-Blog 2. An attacker can cause arbitrary PHP code execution by supplying a URL in parameters such as navigation_start, navigation_middle, and open_box/middle_box/close_box in sources/myaccount.php, navigation_end in na...
EUVD-2006-5077
PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigationstart parameter...
CVE-2006-5092
CVE-2006-5092 and related CVEs describe PHP remote file inclusion (RFI) vulnerabilities in A-Blog 2. CVE-2006-5092 affects navigation/menu.php, allowing an attacker to trigger code execution by supplying a URL in the navigation_start parameter. CVE-2006-5135 expands to multiple RFI vectors across...