18 matches found
CVE-2006-3830
The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...
EUVD-2006-3825
Malware in sbrugna...
boastMachine 3.1 Cross Site Scripting
Vulnerability ID: HTB22399 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinboastmachine.html Product: boastMachine Vendor: Kailash Nadh Vulnerable Version: 3.1 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
XSS vulnerability in boastMachine
Vulnerability ID: HTB22399 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinboastmachine.html Product: boastMachine Vendor: Kailash Nadh Vulnerable Version: 3.1 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
SQL injection vulnerability in boastMachine
Vulnerability ID: HTB22398 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinboastmachine.html Product: boastMachine Vendor: Kailash Nadh Vulnerable Version: 3.1 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...
CVE-2006-3827
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter...
CVE-2006-3831
The Backup selection in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file...
CVE-2006-3826
Multiple cross-site scripting XSS vulnerabilities in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 userlogin, 2 fullname, and 3 URL parameters in register.php; and allow remote authenticated administrators to...
CVE-2006-3828
Incomplete blacklist vulnerability in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign characters, "UNION," and "SELECT," which are not filtered by the...
CVE-2006-3831
The Backup selection in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file...
CVE-2006-3831
The CVE-2006-3831 issue affects Kailash Nadh boastMachine (formerly bMachine) versions up to 3.1. The backup feature creates database backups with predictable filenames and stores them under the web root with insufficient access controls, enabling remote attackers to download a backup file and ob...
CVE-2006-3829
CVE-2006-3829 affects Kailash Nadh boastMachine (formerly bMachine) up to version 3.1 and earlier. The issue is a Cross-site request Forgery (CSRF) in bmc/admin.php that allows remote attackers to perform actions as an administrator and delete arbitrary user accounts via a delete_user action. The...
CVE-2006-3827
The CVE-2006-3827 entry affects Kailash Nadh’s boastMachine (formerly bMachine) up to v3.1. The issue is an SQL injection in bmc/Inc/core/admin/search.inc.php, exploitable by remote authenticated administrators via the blog parameter. This is caused by unsanitized input being used in SQL queries,...
CVE-2006-3826
CVE-2006-3826: XSS in Kailash Nadh boastMachine (3.1 and earlier) allows remote injection via register.php parameters (user_login, full_name, URL) and via admin interface parameters (cat_list, key); no exploitation status or patch details are provided in the connected documents.
CVE-2006-3830
The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...
CVE-2006-3827
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter...
CVE-2006-3829
Cross-site request forgery CSRF vulnerability in bmc/admin.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a deleteuser action...
CVE-2006-3828
The CVE-2006-3828 entry concerns Kailash Nadh’s boastMachine (formerly bMachine)