36 matches found
EUVD-2009-0387
Malware in sbrugna...
EUVD-2009-0413
Malware in sbrugna...
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
No description provided by source. Salvatore drosophila Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:Powered by Max.Blog Date: 27 Jan 2009 Discovered by: Salvatore drosophila Fresta Author:...
Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability
No description provided by source. Salvatore drosophila Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:Powered by Max.Blog Date: 20 Jan 2009 Discovered by: Salvatore drosophila Fresta Author: Salvatore...
Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability
No description provided by source. Salvatore drosophila Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:Powered by Max.Blog Date: 27 Jan 2009 Discovered by: Salvatore drosophila Fresta Author: Salvatore...
CVE-2009-0409
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
Sql injection
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-0409
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-0409
CVE-2009-0409 is a SQL injection vulnerability in offline_auth.php of Max.Blog 1.0.6 and earlier. The issue occurs when magic_quotes_gpc is disabled, allowing an attacker to craft a username parameter that leads to arbitrary SQL execution. Affected product: Max.Blog (versions up to 1.0.6). Root c...
CVE-2009-0383
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request...
Server side request forgery (ssrf)
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request...
CVE-2009-0383
CVE-2009-0383 affects Max.Blog 1.0.6; the delete.php endpoint does not properly restrict access, enabling remote attackers to delete arbitrary blog posts via a direct request. The issue is caused by improper access control on the delete operation. Impact is partial integrity/partial availability ...
CVE-2009-0383
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request...
PT-2009-3042 · Max · Max.Blog
Name of the Vulnerable Software and Affected Versions: Max.Blog version 1.0.6 Description: The issue concerns improper access restriction in the delete.php file, allowing remote attackers to delete arbitrary blog posts by making a direct request. Recommendations: For Max.Blog version 1.0.6,...
Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...
Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability
No description provided by source. Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore...
Max.Blog 1.0.6 Authentication Bypass
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog Salvatore "drosophila" Fresta - Max.Blog...
Max.Blog 1.0.6 - 'submit_post.php' SQL Injection
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta e-mail:...
Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability
Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: SQL Injection Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 20 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta e-mail:...
Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications =============================================================== Max.Blog = 1.0.6 submit_post.php SQL Injection Vulnerability =============================================================== Application: Max.Blog http://www.mzbservices.com...