CVE-2006-3105

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php...

CVE-2006-3102

Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the modmime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles...

CVE-2006-3103

Cross-site scripting XSS vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the 1 error parameter in users/login.php and the 2 feedback parameter in articles/index.php...

CVE-2006-3103

CVE-2006-3103 describes a cross-site scripting (XSS) vulnerability in Bitweaver 1.3, allowing remote attackers to inject arbitrary web script or HTML via (1) the error parameter in users/login.php and (2) the feedback parameter in articles/index.php. The connected records confirm Bitweaver as the...