b2evolution 4.0.3 Persistent XSS Vulnerability
No description provided by source. Source: http://packetstormsecurity.org/files/view/99362/b2evolution403-xss.txt Software: b2evolution 4.0.3 Vulnerability: Persistent Cross-site Scripting Threat...
b2evolution 1.8.2/1.9 _404_not_found.page.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...
b2evolution 3.3.3 Cross Site Request Forgery [CSRF]
No description provided by source. Exploit Title: b2evolution 3.3.3 Cross site request forgery. Date: 05/07/2010 & 23/07/1431 H. Author: saudi0hacker. Software Link: http://b2evolution.net/downloads/index.html...
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the show_statuses[] parameter, related to CVE-2013-2945...
CVE-2013-7352
CVE-2013-7352/2945 describe a CSRF-enabled SQL injection in b2evolution and its admin.php show_statuses[] parameter, affecting installations before 4.1.7. The issue allows remote (via CSRF) authenticated admins to run arbitrary SQL commands, potentially hijacking admin actions. Affected product: ...
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...
Sql injection
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...
CVE-2013-2945
CVE-2013-2945 is a SQL injection vulnerability in blogs/admin.php of b2evolution before 4.1.7. The flaw enables remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter; note that this can be leveraged with CSRF to allow remote unauthenticated attack...
b2evolution CMS 5.0.6 Information Disclosure
b2evolution CMS 5.0.6 Reinstall Script Vulnerability. Author indoushka. vendor :...
b2evolution CMS 5.0.6 - XSS & FPD Vulnerabilities
Latest b2evolution CMS suffers from multiple Full Path Disclosure and Cross Site Scripting vulnerabilities. Title: b2evolution CMS 5.0.6 - XSS & FPD Version: 5.0.6 Latest ATM Vendor: b2evolution.net - en.wikipedia.org/wiki/B2evolution Demo: demo3.b2evolution.net Date: 01.25.2014 Contact:...
b2evolution 4.1.6 - Multiple Vulnerabilities
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
b2evolution 4.1.6 - Multiple Vulnerabilities
b2evolution 4.1.6 - Multiple Vulnerabilities Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type:...
SQL Injection in b2evolution
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
b2evolution 4.1.6 SQL Injection Vulnerability
b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities. Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public...
b2evolution 4.1.6 SQL Injection
Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
SQL Injection in b2evolution
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1) SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...
CVE-2012-5910
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...