26 matches found
EUVD-2006-5070
Malware in sbrugna...
EUVD-2008-1984
Malware in sbrugna...
EUVD-2008-1867
Malware in sbrugna...
EUVD-2008-1866
Malware in sbrugna...
EUVD-2008-1868
Malware in sbrugna...
CVE-2008-1986
CVE-2008-1986 is a reported XSS vulnerability in Blog Pixel Motion (PixelMotion) affecting the file liste_article.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the jours parameter. The available sources describe the vulnerability and its impact as cross-site scr...
CVE-2008-1986
Cross-site scripting XSS vulnerability in listearticle.php in Blog Pixel Motion aka PixelMotion allows remote attackers to inject arbitrary web script or HTML via the jours parameter...
CVE-2008-1867
SQL injection vulnerability in Blog Pixel Motion aka Blog PixelMotion allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php...
CVE-2008-1868
admin/sauvBase.php in Blog Pixel Motion aka Blog PixelMotion does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information...
Sql injection
SQL injection vulnerability in Blog Pixel Motion aka Blog PixelMotion allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php...
Authentication flaw
admin/sauvBase.php in Blog Pixel Motion aka Blog PixelMotion does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information...
CVE-2008-1866
admin/modifconfig.php in Blog Pixel Motion aka PixelMotion does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct...
CVE-2008-1868
admin/sauvBase.php in Blog Pixel Motion aka Blog PixelMotion does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information...
CVE-2008-1867
SQL injection vulnerability in Blog Pixel Motion aka Blog PixelMotion allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php...
CVE-2008-1868
CVE-2008-1868 affects Blog Pixel Motion (Blog Pixel Motion) via admin/sauvBase.php, where authentication is not required. The underlying issue allows remote attackers to trigger a database backup dump and retrieve the resulting blogPM.sql, which contains sensitive information. The vulnerability e...
CVE-2008-1867
CVE-2008-1867 describes a SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion). The issue allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, potentially related to include/requetesIndex.php. The vulnerability affects the affected...
blogpixel-sql.txt
Blog Pixel Motion Sql Injection Vulnerability ------------------------------------------------------------------------------------------------- Author : parad0x Home : www.inso.host.sk Script : Blog PixelMotion Download : http://www.pixelmotion.org/zip/blog.zip...
CVE-2006-5085
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nomblog parameter, which is injected into include/variables.php...
CVE-2006-5085
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nomblog parameter, which is injected into include/variables.php...
CVE-2006-5086
Blog Pixel Motion 2.1.1 is affected. The vulnerability allows remote attackers to change the admin username and password via a direct request to insere_base.php using modified (1) login and (2) pass parameters. The original researcher claimed SQL injection, but the report notes that this is not S...