311 matches found
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/preferences.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is an open source content management system CMS. A security vulnerability exists in Bitweaver version 3.1.0, which can be exploited by remote attackers to inject JavaScript via the user admin edit group.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/index.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/usersimport.php URI...
CVE-2012-5193
Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to 1 stats/index.php or 2 newsletters/edition.php or the 3 username parameter to users/remindpassword.php, 4 days parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to 1 stats/index.php or 2 newsletters/edition.php or the 3 username parameter to users/remindpassword.php, 4 days parameter to...
CVE-2012-5193
Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to 1 stats/index.php or 2 newsletters/edition.php or the 3 username parameter to users/remindpassword.php, 4 days parameter to...
CVE-2012-5193
Bitweaver 2.8.1 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities (CVE-2012-5193). Attackers can inject arbitrary web script or HTML by manipulating path info or specific parameters: stats/index.php (path info, days), newsletters/edition.php, users/remind_pa...
Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
Bitweaver 1.x/2.0 search/index.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/26801/info Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple...
Bitweaver 1.1.1 view.php blog_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
Bitweaver 1.x wiki/list_pages.php sort_mode Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
Bitweaver 1.1.1 my.php sort_mode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
bitweaver 2.8.0 - Multiple Vulnerabilities
No description provided by source. exploit title: Path Disclosure bitweaver 2.8 date: 25.o2.2o11 author: lemlajt software : bitweaver version: 2.8 tested on: linux cve : Path Disclosure bitweaver 2.8 PoC : http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/kernel/admin/index.php?page=%27 sql...
Bitweaver 1.x/2.0 search/index.php highlight Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/26801/info Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input including multiple cross-site scripting vulnerabilities, multiple...
Bitweaver 1.1.1 message_box.php sort_mode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
Bitweaver 1.x blogs/list_blogs.php sort_mode Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
Bitweaver 1.x wiki/orphan_pages.php sort_mode Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo bitweaver = v1.3 'tmpImagePath' attachment modmime exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \powered by bitweaver\r\n\r\n; if $argc4 echo Usage: php...
Bitweaver 1.x fisheye/list_galleries.php sort_mode Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...