676 matches found
CVE-2006-0333
Cross-site scripting XSS vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the 1 month or 2 year parameter to index.php...
CVE-2006-0333
CVE-2006-0333: An XSS vulnerability in ar-blog 5.2 affects index.php, exploitable via the month or year parameters. Related entry CVE-2006-2809 expands the risk to additional parameters (count, next, Year_the_news, mo); note that the month/year vectors are already covered by CVE-2006-0333. No exp...
-2- [XSS] in ar-blog v 5.2
Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=XSS&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=XSS&all=9 Example : 1-...
CVE-2005-3495
Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies...
CVE-2005-3494
Cross-site scripting XSS vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...
CVE-2005-3494
Cross-site scripting XSS vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...
CVE-2005-3495
CVE-2005-3495 affects Ar-blog (versions 5.2 and earlier). The vulnerability allows remote attackers to bypass authentication by manipulating cookies, indicating a flaw in how session/authentication state is enforced. The available documents confirm the vulnerability pattern (cookie-based auth byp...
CVE-2005-3494
CVE-2005-3494 describes a cross-site scripting (XSS) flaw in Ar-blog versions 5.2 and earlier. The vulnerability allows a remote attacker to inject arbitrary web script or HTML through a blog comment, potentially compromising user sessions or displaying malicious content. The connected documents ...
CVE-2005-3495
Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies...
[SA17307] ar-blog Script Insertion and Authentication Bypass Vulnerabilities
TITLE: ar-blog Script Insertion and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA17307 VERIFY ADVISORY: http://secunia.com/advisories/17307/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: ar-blog 5.x...
[Full-disclosure] Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions
---------- Forwarded message ---------- From: M.o.H.a.J.a.L.i [email protected] Date: Oct 25, 2005 12:52 AM Subject: Vulnerability in Ar-blog ver 5.2 and prior versions To: [email protected] Vulnerability in Ar-blog ver 5.2 and prior Software: Ar-blog Vulnerable versions: = 5.2 Type:...
CVE-2004-1791
CVE-2004-1791 concerns Edimax AR-6004 ADSL Routers where the web management interface uses a default administrator name and password that also appear as the default login text. Multiple connected sources corroborate that this enables remote access to the device (attack surface is network-enabled)...
CVE-2004-1790
This CVE affects Edimax AR-6004 ADSL Routers. The issue is a Cross-site scripting (XSS) vulnerability in the web management interface, allowing remote attackers to inject arbitrary web script or HTML through the URL. The provided documents do not specify affected firmware versions, exact vulnerab...
CVE-2004-1791
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access...
CVE-2004-1790
Cross-site scripting XSS vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL...
CVE-2004-1790
Cross-site scripting XSS vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL...