26 matches found
EUVD-2008-3289
Malware in sbrugna...
EUVD-2008-3291
Malware in sbrugna...
EUVD-2008-3292
Malware in sbrugna...
EUVD-2008-3290
Malware in sbrugna...
bilboblog 2.1 - Multiple Vulnerabilities
No description provided by source. Name: Bilboblog 2.1 Multiples Vulnerabilities. Description: Bilboblog is a small application of micro-blogging in Php / MySQL. Link :...
CVE-2008-3303
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters...
Design/Logic Flaw
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web scri...
CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3304
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
CVE-2008-3301
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web scri...
Authentication flaw
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters...
SQL injection
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3304
BilboBlog 0.2.1 is affected by an information-disclosure vulnerability. The issue arises when an attacker can trigger (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, causing an error message that reveals the installation path. The vulnerability deta...
CVE-2008-3304
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3301
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web scri...
CVE-2008-3301
CVE-2008-3301 concerns BilboBlog 0.2.1, with multiple XSS flaws. The vulnerabilities originate from conflicting code in widget.php and affect several entry points: admin/update.php (content), head.php (titleId), footer.php (t_lang[lang_copyright]), admin/ default URI (content), admin/homelink.php...
CVE-2008-3302
CVE-2008-3302 describes an SQL injection in BilboBlog 0.2.1. The vulnerability exists in admin/delete.php when magic_quotes_gpc is disabled, allowing remote authenticated administrators to execute arbitrary SQL commands via the num parameter. Public references confirm the affected component and c...
CVE-2008-3303
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters...