60 matches found
EUVD-2009-4870
Malware in sbrugna...
EUVD-2009-4872
Malware in sbrugna...
EUVD-2009-4866
Malware in sbrugna...
EUVD-2009-0288
Malware in sbrugna...
EUVD-2009-4871
Malware in sbrugna...
OBLOG 'err.asp' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33416/info OBLOG is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Oblog 4.5-4.6 access&mssql getshell 0day-vulnerability warning-the black bar safety net
Impact range: 4.5 - 4.6 Vulnerability requirements: IIS6. 0\Open Membership Mining author:henry Absolute originality, technical content is not high,but the impact of the relatively wide range of.. Vulnerability file: AjaxServer. asp 3 of 7 2 rows logfilename = TrimRequest"filename"//not filter...
CVE-2009-4903
Cross-site scripting XSS vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-4909
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests...
CVE-2009-4908
Multiple cross-site scripting XSS vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the 1 commentName, 2 commentEmail, 3 commentWeb, or 4 commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...
CVE-2009-4904
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service blog spam via a comment=new action...
CVE-2009-4907
Multiple cross-site request forgery CSRF vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that 1 change the admin password, 2 force an admin logout, 3 change the visibility of posts, 4 remove links, and 5 change the name fields of a blog...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in oBlog allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that 1 change the admin password, 2 force an admin logout, 3 change the visibility of posts, 4 remove links, and 5 change the name fields of a blog...
Default credentials
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the 1 commentName, 2 commentEmail, 3 commentWeb, or 4 commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...
Design/Logic Flaw
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service blog spam via a comment=new action...
CVE-2009-4909
admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests...
CVE-2009-4907
Multiple cross-site request forgery CSRF vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that 1 change the admin password, 2 force an admin logout, 3 change the visibility of posts, 4 remove links, and 5 change the name fields of a blog...
CVE-2009-4903
CVE-2009-4903 describes a Cross-site Scripting (XSS) flaw in the web app oBlog . The vulnerability is in the file index.php and is exploitable via the search parameter , allowing remote attackers to inject arbitrary script/HTML. The NVD entry notes a non-authoritative provenance (“NOTE: the prove...