73 matches found
DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================= DCFM Blog 0.9.4 comments Remote SQL Injection Vulnerability ============================================================= Title =======:: DCFM Blog 0.9.4 comments Remote SQL...
CVE-2007-3198
Cross-site scripting XSS vulnerability in comments.php in Maran PHP Blog Maran Blog, possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2007-3198
Cross-site scripting XSS vulnerability in comments.php in Maran PHP Blog Maran Blog, possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Sql injection
SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter...
CVE-2007-0231
Cross-site scripting XSS vulnerability in Movable Type MT 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...
Cross site scripting
Cross-site scripting XSS vulnerability in Movable Type MT 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...
CVE-2007-0231
CVE-2007-0231 describes a cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33 where, if nofollow is disabled and unmoderated comments are enabled, a remote attacker can inject arbitrary web script or HTML via the Comments field. The vulnerability concerns Movable Type 3.33 and is t...
Blogme v3 [admin login bypass & xss (post)]
vendor site:http://www.drumster.net/ product:Blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerables fields: - Name - URL - Comments laurent gaffie & benjamin mosse http://s-a-p.ca/ contact:...
blogme 3.0 - Cross-Site Scripting Authentication Bypass
blogme 3.0 - Cross-Site Scripting Authentication Bypass blogme v3 admin login bypass & xss post vendor site:http://www.drumster.net/ product:blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerabl...
CVE-2006-4497
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-4284
SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
[Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection
Products: Postnuke v 0.726 http://www.postnuke.com Date: 15 April 2004 Author: pokleyzz pokleyzzatscan-associates.net Contributors:skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Postnuke v 0.726 and below SQL injection...
Netscape Navigator 4.0.8 - about: Domain Information Disclosure
Netscape Navigator 4.0.8 - about: Domain Information Disclosure source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment...