26 matches found
EUVD-2008-3289
Malware in sbrugna...
EUVD-2008-3291
Malware in sbrugna...
EUVD-2008-3292
Malware in sbrugna...
EUVD-2008-3290
Malware in sbrugna...
bilboblog 2.1 - Multiple Vulnerabilities
No description provided by source. Name: Bilboblog 2.1 Multiples Vulnerabilities. Description: Bilboblog is a small application of micro-blogging in Php / MySQL. Link :...
Authentication flaw
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web scri...
Design/Logic Flaw
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
CVE-2008-3301
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web scri...
CVE-2008-3304
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3303
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters...
SQL injection
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3301
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web scri...
CVE-2008-3304
BilboBlog 0.2.1 is affected by an information-disclosure vulnerability. The issue arises when an attacker can trigger (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, causing an error message that reveals the installation path. The vulnerability deta...
CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter...
CVE-2008-3303
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters...
CVE-2008-3304
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
CVE-2008-3303
CVE-2008-3303 affects BilboBlog 0.2.1 where enabling PHP register_globals allows a remote attacker to bypass authentication and obtain administrative access by issuing a direct request that sets login, admin_login, password, and admin_passwd. The issue is a direct-authentication bypass vulnerabil...
CVE-2008-3302
CVE-2008-3302 describes an SQL injection in BilboBlog 0.2.1. The vulnerability exists in admin/delete.php when magic_quotes_gpc is disabled, allowing remote authenticated administrators to execute arbitrary SQL commands via the num parameter. Public references confirm the affected component and c...