28 matches found
EUVD-2017-8943
Malware in sbrugna...
EUVD-2017-6433
Malware in sbrugna...
EUVD-2017-8945
Malware in sbrugna...
EUVD-2017-8944
Malware in sbrugna...
BlogoText Cross-Site Scripting Attack Vulnerability
BlogoText is a lightweight SQLite blogging engine. A cross-site scripting vulnerability exists in BlogoText versions prior to 3.7.6. The vulnerability can be exploited remotely to inject JavaScript code with the help of comments in the inc/conv.php file...
CVE-2017-17792
Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...
CVE-2017-17794
validateformpreferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
CVE-2017-17793
Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...
CVE-2017-17792
Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...
CVE-2017-17793
Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...
CVE-2017-17794
validateformpreferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
Information disclosure
Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...
Design/Logic Flaw
validateformpreferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
CVE-2017-17792
Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...
Cross site scripting
Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...
CVE-2017-17793
Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...
CVE-2017-17793
BlogoText 3.7.6 and earlier: information-disclosure vulnerability in admin/maintenance.php at creer_fichier_zip. An attacker can defeat the filename-randomization protection by supplying archiv~1.zip (8.3 filename) and read backup archives on Windows servers. Root cause is a flaw in the randomiza...
CVE-2017-17792
BlogoText (CMS) contains a Cross-site scripting (XSS) flaw in the markup_clean_href function, inc/conv.php, up to version 3.7.6. The root cause is improper handling in markup_clean_href that allows remote attackers to inject arbitrary JavaScript via a comment, as described in multiple sources (NV...
CVE-2017-17794
BlogoText (≤3.7.6) contains a vulnerability in validate_form_preferences() inside admin/preferences.php that allows bypassing access restrictions via the e-mail address field. Root cause is improper authorization logic around the email field, enabling privilege bypass. Affected: BlogoText up to v...
CVE-2017-17794
validateformpreferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...