33 matches found
EUVD-2019-17125
Malware in sbrugna...
CVE-2019-7587
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...
Bo-blog Wind CMS ad***.mo***.php page suffers from SQL injection vulnerability
Bo-blog Wind (BW for short) is a lightweight personal blogging program. A SQL injection vulnerability exists in the Bo-blog Wind CMS ad.mo.php page. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL injection
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...
CVE-2019-7587
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...
CVE-2019-7587
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...
CVE-2019-7587
CVE-2019-7587 affects Bo-blog Wind through 1.6.0-r. The vulnerability is a SQL Injection in the admin.php/comments/batchdel/ comID parameter, caused by mishandling in the mode/admin.mode.php delBlockedBatch function. The connected sources corroborate the issue and describe it as a SQL injection v...
CVE-2019-7587
Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...
Bo-Blog 2.1.1 usergroup parameter cross-site scripting vulnerability
No description provided by source...
Bo-blog 2.1.1 xmlrpc.php upload vulnerability
No description provided by source...
Bo-Blog 2.1.1 - Cross-Site Scripting SQL Injection
Bo-Blog 2.1.1 - Cross-Site Scripting SQL Injection source: https://www.securityfocus.com/bid/61880/info Bo-Blog is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to...
Bo-Blog 2.1.1 Cross Site Scripting / SQL Injection
Exploit Title : Bo-Blog 2.1.1 Multiple Vulnerabilities Exploit Author : Ashiyane Digital Security Team Official site : http://www.bo-blog.com/ Tested on: Windows,Linux /////////////////////////////////////////////// Google Dork : intext:"Powered by Bo-Blog 2.1.1"...
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/61880/info Bo-Blog is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of the browser,...
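Bo-Blog tag.php cross-site scripting vulnerability
The mode variable in tag.php is not filtered strictly, which leads to XSS. An attacker can steal user cookies or construct a CSRF. Bo-Blog 2.1.1: in inc/modtag.php, after line 61 acceptrequest'mode'; add $mode = intval$mode;...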
bo-blog xss vulnerability-vulnerability warning-the black bar safety net
Bo-Blog is an excellent domestic open source blogging program. Compared with WordPress and other blog programs, Bo-Blog has the advantages of being easy to use, convenient and efficient. If WordPress is the professional blogging program, then Bo-blog is the civilian one. Bo-blog's advantages and disadvantages are obvious, the...
Bo-Blog 2.1.0 go.php file inclusion vulnerability
No description provided by source...
Bo-Blog 2.1.0 remote code execution exploit
No description provided by source...
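Bo-Blog v1.4 single-user edition category list file read vulnerability
Bo-Blog is a free PHP-based blog program backed by a MySQL database. In the file "blog.php", in the "category list" function, the parameter "cat=" is not processed in any way and is used directly in "$allfiles=@file"$dirblog/$cat.php";" to read a file. As a result, if a file name is submitted, that file is read, processed and output directly. if $job=="showcat" //list all entries under a category if !fileexists"$dirblog/$cat.php" wronginfo"没有找到这个分类。"; unset $allfiles;...
Bo-Blog v2.1.1 COOKIE spoofing vulnerability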
No description provided by source...
Bo-blog v2.1.1 injection vulnerability
inc/modmain.php //vulnerable file: case 'category': if !$job $job='default'; else $job=basename$job; $ifannouncement="none"; acceptrequest'mode'; if $mode==1 || $mode==2 //.......................... elseif !empty$mode && !isnumeric$mode || $mode2 getHttp404$lnc313; //...................... if isnumeric$item...