12 matches found
EUVD-2005-2722
Malware in sbrugna...
EUVD-2005-2723
Malware in sbrugna...
Serendipity PHP Weblog System Remote Command Execution
Exploit for php platform in category web applications postProcess'', $quality, $type . "$filename"; //if we have windows server ifisset$ENV'OS' && eregi'window',$ENV'OS' $cmd = eregreplace'/','\',$cmd; //echo $cmd.""; $output = system$cmd; errorlog'NETPBM: '.$cmd; //errorlog$output; $this-command...
SQL injection
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter...
CVE-2008-0447
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter...
CVE-2008-0447
CVE-2008-0447 describes an SQL injection in Foojan WMS PHP Weblog 1.0, caused by unsanitized input in the story parameter of index.php. This enables remote attackers to potentially modify or read database data; CVSS v2 base score 7.5 (HIGH) with network access, low attack complexity, and no authe...
CVE-2005-2721
Foojan PHP Weblog is affected by multiple XSS vulnerabilities in index.php and admin.php, exploitable via the Referer header in HTTP requests. The issue enables remote attackers to inject arbitrary script/HTML and has a CVSSv2 base score of 4.3 (Medium) with network attack vector, medium complexi...
CVE-2005-2721
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header...
foojanInject.txt
Vendor: http://foojan.soltoononline.com A complete Persian PHP Weblog WMS Example Information Disclosure: http://target/foojan/adminmodules/daylinks/index.php http://target/foojan/index.php?daylinkspage=-1 Referer HTML Injection Where: in gmain.php $Weblog- query "INSERT INTO visits id , ip ,...
phpFirstPost.txt
Language: PHP Project name: PHP FirstPost Risk:High Home page: http://phpfirstpost.sourceforge.net Discovered by: GB Description: PHP FirstPost is yet another PHP weblog. This one, however, is based on Scoop, and has the open submission queue and comment rating system. A vulnerability exists in P...
iwebnegar is vulnerable to all kinds of SQL injections
----------------www.karchack.com---------------- ----------------www.karchack.net---------------- description: iwebnegar is Farsi weblog software written in PHP http://iwebnegar.co.sr --------- vulnerabilities: all files seem to be vulnerable, such as comments.php, index.php and also...
HTTP Response Splitting in Serendipity 0.7-beta4
SECURITY ADVISORY: HTTP Response Splitting in Serendipity 0.7-beta4 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 21st, 2004 PRODUCT: Serendipity 0.7-beta4 October 14th, 2004 Recommended release, most stable - www.s9y.org FROM THE VENDOR WEBSITE: Serendipity is a...