EUVD-2006-2178

Malware in sbrugna...

GeoBlog 1.0 ViewCat.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16249/info geoBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resu...

GeoBlog MOD_1.0 Viewcat.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17784/info GeoBlog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion

No description provided by source. source: http://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs...

geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion

No description provided by source. source: http://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs...

GeoBlog viewcat.php cat Parameter SQL Injection - Ver2 (CVE-2006-0249)

An SQL injection vulnerability has been reported in BitDamaged geoBlog MOD1.0. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

GeoBlog viewcat.php cat Parameter SQL Injection - Ver2 (CVE-2006-0249)

An SQL injection vulnerability has been reported in BitDamaged geoBlog MOD1.0. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVE-2007-4047

geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...

Authentication flaw

geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...

CVE-2007-4047

geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...

CVE-2007-4047

geoBlog (aka BitDamaged) 1 suffers an unauthenticated privilege issue in admin/ scripts: deletecomment.php, deleteblog.php, and listcomment.php can be invoked with a valid id to delete arbitrary comments/blogs and cause other unspecified impact. Descriptions across NVD and CVE records confirm lac...

GeoBlog MOD_1.0 - deletecomment.php?id Arbitrary Comment Deletion

GeoBlog MOD1.0 - deletecomment.php?id Arbitrary Comment Deletion source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploi...

GeoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion

source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs and comments regardless of the...

GeoBlog MOD_1.0 - 'deletecomment.php?id' Arbitrary Comment Deletion

source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs and comments regardless of the...

Geoblog v1 administrator bypass

Geoblog v1. A vulnerability exists in geoblog version 1 latest that allows users to delete other peoples comments without administration credentials. It works on blogs too. Users can delete blogs without user credentials. The reason why is because the listcomments.php and deletecomments.php files...

GeoBlog MOD_1.0 - deleteblog.php?id Arbitrary Blog Deletion

GeoBlog MOD1.0 - deleteblog.php?id Arbitrary Blog Deletion source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit thes...

Cross site scripting

Cross-site scripting XSS vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

CVE-2006-2177

Cross-site scripting XSS vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...

CVE-2006-2177

CVE-2006-2177 describes a Cross-site Scripting (XSS) vulnerability in geoBlog 1.0’s viewcat.php, exploitable by passing a crafted value in the cat parameter to inject arbitrary script/HTML. The vulnerability is confirmed in multiple sources (NVD entry; related CVE records) and affects geoBlog 1.0...

CVE-2006-2177

Cross-site scripting XSS vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...