CVE-2009-4825

The CVE-2009-4825 entry relates to 8pixel.net Blog 4, where sensitive data is stored under the web root with insufficient access control, enabling remote retrieval of a database via a direct request for App_Data/sb.mdb. The incident is described as a direct file download vulnerability (no exploit...

CVE-2008-3564

Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 p, 2 cat, and 3 archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC...

CVE-2008-3564

The CVE-2008-3564 entry concerns multiple directory traversal flaws in Dayfox Blog 4’s index.php. The vulnerability allows remote attackers to include and execute arbitrary local files by manipulating the dot-dot sequences in the (1) p, (2) cat, and (3) archive parameters. In some environments th...

Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability

No description provided by source. html !-- .-""""""""-. / Dj7xpl \ | | |, .-. .-. ,| | o/ \o | |/ /\ | @ ^^ \|IIIIII|/ @8@8|-\IIIIII/-| / \ / @ +Iranian Are The Best In World+ Portal : Dayfox Blog V 4 Download : http://www.dayfoxdesigns.co.nr Dork : "Powered by Dayfox Designs" Author...

CVE-2005-1169

CVE-2005-1169 affects the Mafia Blog .4 BETA package, where the admin directory is not properly protected. This allows remote attackers to execute arbitrary PHP code by abusing writeinfo.php to inject code into info.php. The flaw enables arbitrary code execution with no authentication required an...