270 matches found
b2evolution 3.3.3 Cross Site Request Forgery
Exploit Title: b2evolution 3.3.3 Cross site request forgery; Date: 05/07/2010 & 23/07/1431 H; Author: saudi0hacker; Software Link: http://b2evolution.net/downloads/index.html; Version: 3.3.3; Tested on:...
CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2009-1657
CVE-2009-1657 describes multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution, allowing remote attackers to execute arbitrary SQL commands via unspecified vectors. The connected documents reiterate this issue and provide no explicit exploitation details or p...
b2evolution cross-site scripting vulnerability
Overview b2evolution, a blog publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...
Debian: Security Advisory (DSA-1568-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1568-1 (b2evolution)
The remote host is missing an update to b2evolution announced via advisory DSA 1568-1. OpenVAS Vulnerability Test $Id: deb15681.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1568-1 b2evolution Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian DSA-1568-1 : b2evolution - insufficient input sanitising
'unsticky' discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1568. The...
[SECURITY] [DSA 1568-1] New b2evolution packages fix cross site scripting
Debian Security Advisory DSA-1568-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 05, 2008 http://www.debian.org/security/faq -...
DSA-1568-1 b2evolution - cross site scripting
Bulletin has no description...
CVE-2007-2681
CVE-2007-2681 affects b2evolution 1.6: a directory traversal vulnerability in blogs/index.php accessible via the core_subdir parameter allows remote attackers to include and execute arbitrary local files using .. traversal. The connected documents confirm the same vulnerability details, but do no...
CVE-2007-2358
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3)...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3)...
CVE-2007-2358
CVE-2007-2358 affects b2evolution. It describes multiple PHP remote file inclusion vulnerabilities: arbitrary PHP code execution via URL parameters inc_path (to a_noskin.php, a_stub.php, admin.php, contact.php, default.php, index.php, multiblogs.php), view_path and control_path (to blogs/admin.ph...
Remote File Inclusion
b2evolution Remote File Inclusion. Affected Software: b2evolution; Download: http://b2evolution.net/; Risk: high; Date: 25/4/2007; Found by: s433donlylinux; Contact: [email protected]; Web: Www.hackerz.ir; special thanx ........... A...
B2evolution 1.6 RFi
Script Name: B2evolution 1.6; Download: http://scripts.ringsworld.com/blog/b2evolution-1.6-2005-11-25.zip; Coded by: KaRTaL; Contact msn: k4rtalatgmaildotcom; require: require dirname(__FILE__).'/'.$core_subdir.'blogmain.inc.php'; exploit:...
JVN#64354801 b2evolution cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...
[SA23656] b2evolution "redirect_to" HTML Attribute Cross-Site Scripting
Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When...