45 matches found
EUVD-2009-4334
Malware in sbrugna...
EUVD-2009-4768
Malware in sbrugna...
EUVD-2009-4333
Malware in sbrugna...
EUVD-2009-1621
Malware in sbrugna...
EUVD-2009-4332
Malware in sbrugna...
Ez Blog 1.0 - XSS/CSRF Multiple Vulnerabilities
No description provided by source. Title: Ez Blog XSS/XSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Authentication flaw
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...
SQL injection
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php...
CVE-2009-4801
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...
CVE-2009-4805
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php...
CVE-2009-4801
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...
CVE-2009-4801
CVE-2009-4801 affects EZ-Blog Beta 1. The vulnerability is an authentication bypass: remote attackers can craft requests to PHP scripts to create or delete arbitrary posts due to missing access control. Root cause is lack of authentication on post-manipulation endpoints, enabling network-based, u...
CVE-2009-4805
EZ-Blog Beta 1 is affected by SQL injection vulnerabilities in public/view.php (storyid) and admin/remove.php (kill) when magic_quotes_gpc is disabled. The issue allows remote attackers to execute arbitrary SQL commands as described in CVE-2009-4805. The OpenVAS entry confirms an SQLi vulnerabili...
CVE-2009-4805
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...
CVE-2009-4366
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...