22 matches found
EUVD-2008-0407
Malware in sbrugna...
EUVD-2008-0408
Malware in sbrugna...
CVE-2008-4784
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php...
CVE-2008-4784
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php...
CVE-2008-4784
CVE-2008-4784 affects aflog 1.01. A cookie-based flaw allows remote attackers to bypass authentication and obtain administrative access by setting aflog_auth_a to “A” or “O” in edit_delete.php, edit_cat.php, edit_lock.php, and edit_form.php. The issue is represented in multiple sources (NVD, Open...
aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities
No description provided by source. aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities url: http://www.aflog.org/download.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at...
aflog-insecure.txt
aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities url: http://www.aflog.org/download.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not...
aflog 1.01 - Multiple Insecure Cookie Handling Vulnerabilities
aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities url: http://www.aflog.org/download.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author will be not...
aflog 1.01 - Multiple Insecure Cookie Handling Vulnerabilities
aflog 1.01 - Multiple Insecure Cookie Handling Vulnerabilities aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities url: http://www.aflog.org/download.php Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for...
aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities
Exploit for unknown platform in category web applications aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilities url...
aflog-xss.txt
//Author Dentrasi //Application Aflog //Version 1.01 //Site http://www.aflog.org //Bug Users' display names are not sanitized, allowing XSS attacks to be performed. //PoC When signing up, use the display name: alert'xss' This affects your name when viewing any page that you have posted a comment...
CVE-2008-0397
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php...
CVE-2008-0398
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form...
SQL injection
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form...
CVE-2008-0398
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form...
CVE-2008-0397
CVE-2008-0397 involves multiple SQL injection vulnerabilities in the web app aflog 1.01 (and possibly earlier). The issues allow remote attackers to execute arbitrary SQL commands through (1) the id parameter to comments.php and (2) an unspecified parameter to view.php. The vulnerability arises ...
CVE-2008-0397
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php...
CVE-2008-0398
The CVE-2008-0398 entry describes a Cross-site scripting (XSS) vulnerability in aflog 1.01 and possibly earlier versions. The issue allows remote attackers to inject arbitrary web script or HTML via the comment form. According to the NVD entry, the CVSSv2 base score is 4.3 (Medium) with vector A...
aflog 1.01 comments.php XSS / SQL Injection Vulnerability
No description provided by source. Name: aflog 1.01 and possibly earlier Website: http://aflog.org/ Vulnerability type: SQL Injection comments.php and XSS Author: shinmai, 2008-01-22 Description: SQL INJECTION: SQL injection is possible in comments.php for the GET variable 'id', like this:...