EUVD-2007-0524

Malware in sbrugna...

CVE-2007-0526

CVE-2007-0526 describes multiple XSS vulnerabilities in Bitweaver 1.3.1. The attack vectors exploit the PATH_INFO portion of the URL to inject arbitrary script/HTML via the following pages: articles/edit.php, articles/list.php, blogs/list_blogs.php, and blogs/rankings.php. Root cause is cross-sit...

CVE-2006-6924

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sortmode=-98 query string to 1 blogs/listblogs.php, 2 fisheye/index.php, 3 wiki/orphanpages.php, or 4 wiki/listpages.php, which forces a SQL error. NOTE: the fisheye/listgalleries.php vector is already cover...

CVE-2006-6925

Multiple cross-site scripting XSS vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the message title field when submitting an article to articles/edit.php, 2 the message title field when submitting a blog post to blogs/post.php, or...

CVE-2006-6924

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sortmode=-98 query string to 1 blogs/listblogs.php, 2 fisheye/index.php, 3 wiki/orphanpages.php, or 4 wiki/listpages.php, which forces a SQL error. NOTE: the fisheye/listgalleries.php vector is already cover...

bitweaver <=1.3.1 [injection sql (post) & xss (post)]

bitweaver =1.3.1 injection sql post & xss post vendor site: http://www.bitweaver.org/ product :bitweaver 1.3.1 bug:injection sql post & multiples xss post risk : high severals juicy sql error can be found in the sortmode var , sql get : http://localhost/bitweaver/blogs/listblogs.php?sortmode=-98...