26 matches found
EUVD-2017-9093
Malware in sbrugna...
EUVD-2017-9092
Malware in sbrugna...
CVE-2017-17949
Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...
CVE-2017-17949
Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...
CVE-2017-17949
Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...
Cross site request forgery (csrf)
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request...
CVE-2017-17950
Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...
CVE-2017-17948
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request...
CVE-2017-17948
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request...
CVE-2017-17950
Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...
Sql injection
Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...
CVE-2017-17950
Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...
CVE-2017-17950
CVE-2017-17950 affects Cells Blog 3.5, where the pub_readpost.php ptid parameter enables SQL injection via user-supplied input. The vulnerability’s impact is described in multiple sources (e.g., NVD and CNVD) as allowing unauthorized access to data with partial to high severity. Exploitation deta...
CVE-2017-17949
CVE-2017-17949 applies to Cells Blog 3.5. The vulnerability is a Cross-Site Scripting (XSS) flaw exploited via the pub_readpost.php fmid parameter. The connected sources confirm XSS in Cells Blog 3.5 and describe the vulnerability vector, without providing a specific patch/version, workarounds, o...
CVE-2017-17949
Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...
Cells Blog 3.5 - bgid fmid fnid SQL Injection
Cells Blog 3.5 - bgid fmid fnid SQL Injection Exploit Title: Cells Blog 3.5 - SQL Injection Dork: N/A Date: 16.12.2017 Vendor Homepage: http://www.cells.tw/ Software Link: http://www.cells.tw/cells/ Version: 3.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Senc...
Cells Blog 3.5 - 'bgid' / 'fmid' / 'fnid' SQL Injection
Exploit Title: Cells Blog 3.5 - SQL Injection Dork: N/A Date: 16.12.2017 Vendor Homepage: http://www.cells.tw/ Software Link: http://www.cells.tw/cells/ Version: 3.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Sencan Author Web: http://ihsan.net Author Social:...
Authentication flaw
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie...
CVE-2006-0843
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password...
CVE-2006-0844
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie...