CVE-2006-6023

PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.ph...

CVE-2006-6023

PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.ph...

CVE-2006-6019

Cross-site scripting XSS vulnerability in extensions/googiespell/googlespellproxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2006-6023

Affected software: Bloo 1.0, in phoo.base.php. Vulnerability: PHP remote file inclusion via a URL provided to the descriptorFileList parameter, allowing remote code execution; root cause noted as descriptorFileList being used in a function definition. Impact: remote arbitrary PHP code execution (...

CVE-2006-6019

CVE-2006-6019 affects Bloo 1.0 (extensions/googiespell/googlespell_proxy.php). The vulnerability is a cross-site scripting (XSS) flaw in the lang parameter, caused by insufficient sanitization, allowing remote attackers to inject arbitrary script in the victim’s browser. Documented impact is clie...