270 matches found
CVE-2007-0175
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter...
CVE-2007-0175
CVE-2007-0175 describes an XSS vulnerability in b2evolution 1.8.6, where the htsrv/login.php script accepts scriptable attributes in the redirect_to parameter to inject arbitrary HTML/JS. Connected records corroborate remote cross-site scripting due to insufficient input sanitising. Debian/DSA-15...
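b2evolution Remote File Inclusion Vulnerability
b2evolution is a PHP-based web application. b2evolution does not properly filter user-submitted URI data, and remote attackers can exploit this vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'inc/CONTROL/imports/import-mt.php' script does not filter the user-supplied 'inc_path' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. b2evolution 1.x Upgrade to the latest version: http://b2evolution.net/ http://victim/b2epath/inc/CONTROL/import/import-mt.php?basepat...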
[SA23346] b2evolution "inc_path" File Inclusion Vulnerability
TITLE: b2evolution "inc_path" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA23346 VERIFY ADVISORY: http://secunia.com/advisories/23346/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: b2evolution 1.x http://secunia.com/product/12768/ DESCRIPTION: tarkus has...
CVE-2006-6417
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter...
CVE-2006-6417
CVE-2006-6417 affects b2evolution versions 1.8.5 through 1.9 beta, where a remote file inclusion via the inc_path parameter allows an attacker to execute arbitrary PHP code. The root cause is improper handling of the inc_path input in inc/CONTROL/import/import-mt.php, enabling a crafted URL to in...
CVE-2006-6197
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl...
CVE-2006-6197
CVE-2006-6197 affects b2evolution versions 1.8.2 through 1.9 beta, where multiple cross-site scripting flaws exist in inc/VIEW/errors/: (1) app_name in _404_not_found.page.php, _410_stats_gone.page.php, and _referer_spam.page.php; (2) baseurl in _404_not_found.page.php; and (3) ReqURI in _referer...
b2evolution-rfi.txt
Severity: High Title: b2evolution Remote File inclusion Vulnerability Date: 28.11.06 Author: tarkus tarkus at tiifp dot org Web: https://tiifp.org/tarkus Vendor: b2evolution http://b2evolution.net/ Affected Products: b2evolution 1.8.5 - 1.9 beta - - - - - - - - - - - - - - - - - - - - - - - - - -...
b2evolution.txt
Security Advisory Severity: Medium Title: b2evolution XSS Vulnerability Date: 28.11.06 Author: tarkus tarkus at tiifp dot org Web: https://tiifp.org/tarkus Vendor: b2evolution http://b2evolution.net/ Affected Products: b2evolution 1.8.2 - 1.9 beta - - - - - - - - - - - - - - - - - - - - - - - - -...
b2evolution 1.8.5 - 1.9b (import-mt.php) Remote File Include Vulnerability
No description provided by source. Severity: High Title: b2evolution Remote File inclusion Vulnerability Date: 28.11.06 Author: tarkus tarkus at tiifp dot org Web: https://tiifp.org/tarkus Vendor: b2evolution http://b2evolution.net/ Affected Products: b2evolution 1.8.5 - 1.9 beta - - - - - - - - ...
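B2Evolution Import-MT.PHP Remote File Inclusion Vulnerability
B2Evolution is a PHP-based web application. B2Evolution does not properly filter user-submitted URI data, and remote attackers can exploit this vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Import-MT.PHP' script does not filter the user-supplied 'inc_path' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. b2evolution b2evolution 1.8.5 b2evolution b2evolution 1.9 beta b2evolution b2evolution 1.9 http://b2evolution.net/index.html...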
b2evolution 1.8.5 - 1.9b (import-mt.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ========================================================================== b2evolution 1.8.5 - 1.9b import-mt.php Remote File Include Vulnerability ========================================================================== Severity: High...
b2evolution 1.8.5 1.9b - import-mt.php Remote File Inclusion
b2evolution 1.8.5 1.9b - import-mt.php Remote File Inclusion Severity: High Title: b2evolution Remote File inclusion Vulnerability Date: 28.11.06 Author: tarkus tarkus at tiifp dot org Web: https://tiifp.org/tarkus Vendor: b2evolution http://b2evolution.net/ Affected Products: b2evolution 1.8.5 -...
b2evolution 1.8.5 < 1.9b - 'import-mt.php' Remote File Inclusion
Severity: High Title: b2evolution Remote File inclusion Vulnerability Date: 28.11.06 Author: tarkus tarkus at tiifp dot org Web: https://tiifp.org/tarkus Vendor: b2evolution http://b2evolution.net/ Affected Products: b2evolution 1.8.5 - 1.9 beta - - - - - - - - - - - - - - - - - - - - - - - - - -...
b2evolution 1.8.2/1.9 - _referer_spam.page.php Multiple Cross-Site Scripting Vulnerabilities
b2evolution 1.8.2/1.9 - _referer_spam.page.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attack...
b2evolution 1.8.2/1.9 - _410_stats_gone.page.php?app_name Cross-Site Scripting
b2evolution 1.8.2/1.9 - _410_stats_gone.page.php?app_name Cross-Site Scripting source: https://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage...
b2evolution 1.8.2/1.9 - '_410_stats_gone.page.php?app_name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21334/info The b2evolution application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...