16 matches found
CVE-2008-0422
CVE-2008-0422 describes a SQL injection in boastMachine (aka bMachine)
Directory traversal
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter...
CVE-2007-5417
CVE-2007-5417 describes a directory traversal vulnerability in boastMachine (bMachine) 2.8. The flaw exists in index.php where the id parameter can be manipulated with .. to read arbitrary files, exposing potential sensitive data. The connected documents confirm the affected product/version and t...
bMachine v 2.8 Local File Include Vulnerabilities
X---- w w w . u N k n 0 w n . e u ----X bMachine v 2.8 Local File Inclusion Vulnerability ::Home: http://opensignature.sourceforge.net/blog/ ::Vuln Type : Local File Include LFI ::Discovered by : iNs PoC: index.php?id=../../../../../../../../../../etc/passwd d0rK: Powered by bMachine v 2.8 :: iNs...
CVE-2006-3829
Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action...
CVE-2006-3831
The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predictable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file...
CVE-2006-3829
CVE-2006-3829 affects Kailash Nadh boastMachine (formerly bMachine) version 3.1 and earlier. The issue is a cross-site request forgery (CSRF) in bmc/admin.php that allows remote attackers to perform actions as an administrator and delete arbitrary user accounts via a delete_user action. The...
CVE-2006-3826
CVE-2006-3826: XSS in Kailash Nadh boastMachine (3.1 and earlier) allows remote injection via register.php parameters (user_login, full_name, URL) and via admin interface parameters (cat_list, key); no exploitation status or patch details are provided in the connected documents.
CVE-2006-3831
The CVE-2006-3831 issue affects Kailash Nadh boastMachine (formerly bMachine) versions up to 3.1. The backup feature creates database backups with predictable filenames and stores them under the web root with insufficient access controls, enabling remote attackers to download a backup file and ob...
CVE-2006-3826
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administrators to...
CVE-2006-3828
The CVE-2006-3828 entry concerns Kailash Nadh’s boastMachine (formerly bMachine)
CVE-2006-2491
BoastMachine (bMachine) 3.1 and earlier is affected by CVE-2006-2491, a cross-site scripting (XSS) flaw in index.php and bmc/admin.php. The vulnerability arises because user-supplied data in the query string is not properly filtered when accessed via $_SERVER["PHP_SELF"], enabling remote attacker...
CVE-2006-1841
Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field...
CVE-2006-1841
CVE-2006-1841: A persistent XSS vulnerability exists in the search.php module of boastMachine (bMachine) 2.7, and possibly earlier versions before 2.9b. The flaw allows remote attackers to inject arbitrary web script or HTML via the key parameter used by the search field. The available documents...
Xss In bMachine 2٫7
Software: bMachine Web Site: http://boastology.com/ Versions:27 Type: Xss Exploit : http://www.xxx.com/bmachine/search.php serch : scriptalert1/script | almokanna |...
[UNIX] bMachine Cross Site Scripting Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com