6 matches found
CVE-2011-0440
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs...
CVE-2011-0440
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs...
Ez Blog v1.0 (XSS/XSRF) Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Ez Blog v1.0 XSS/XSRF Multiple Vulnerabilities...
CVE-2007-4047
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...
Authentication flaw
geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...
Geoblog v1 administrator bypass
Geoblog v1. A vulnerability exists in geoblog version 1 (latest) that allows users to delete other people's comments without administration credentials. It works on blogs too. Users can delete blogs without user credentials. The reason why is because the listcomments.php and deletecomments.php files...