21 matches found
EUVD-2007-1973
Malware in sbrugna...
EUVD-2008-4038
Malware in sbrugna...
Bluemoon inc. PopnupBlog 3.30 'index.php' Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30827/info Bluemoon inc. PopnupBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script co...
XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
No description provided by source. html head titleXOOPS Module PopnupBlog = 2.52 postid BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module PopnupBlog = 2.52...
CVE-2008-4053
Multiple cross-site scripting XSS vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the 1 param, 2 catid, and 3 view parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the 1 param, 2 catid, and 3 view parameters...
CVE-2008-4053
The CVE-2008-4053 entry describes XSS vulnerabilities in the Bluemoon PopnupBLOG module for XOOPS, specifically in index.php for versions 3.20 and 3.30, where the parameters (param, cat_id, view) can be manipulated to inject arbitrary script/HTML. The underlying issue is cross-site scripting due ...
popnupblog-xss.txt
PopnupBlog index.php multiple variables XSS Vendor url:http://www.bluemooninc.biz/ Advisore:http://lostmon.blogspot.com/2008/08/ popnupblog-indexphp-multiple-variables.html Vendor notify:no exploits availables:yes PopnupBlog contains a flaw that allows a remote cross site scripting attack.This fl...
Bluemoon inc. PopnupBlog 3.30 - index.php Multiple Cross-Site Scripting Vulnerabilities
Bluemoon inc. PopnupBlog 3.30 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/30827/info Bluemoon inc. PopnupBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker ma...
Bluemoon inc. PopnupBlog 3.30 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/30827/info Bluemoon inc. PopnupBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...
CVE-2008-2035
Cross-site scripting XSS vulnerability in the Bluemoon, Inc. 1 BackPack 0.91 and earlier, 2 BmSurvey 0.84 and earlier, 3 newbbfileup 1.83 and earlier, 4 Newsembed newsfileup 1.44 and earlier, and 5 PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote...
JVN#31351020 Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the product to the latest version according to the information...
popnupblog.txt
/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title PopnupBlog XOOPS Module Remote File Inclusion Vulnerability Description Blogging module for XOOPS CMS Vuln Code In /class/sendmail.php includeonce...
Sql injection
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the getblogidfrompostid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and...
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the getblogidfrompostid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and...
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the getblogidfrompostid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and...
CVE-2007-1979
CVE-2007-1979 refers to an SQL injection in the PopnupBlog module for XOOPS (index.php) up to version 2.52 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the postid parameter, potentially involving get_blogid_from_postid in class/PopnupBlogUtils.php. ...
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the getblogidfrompostid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and...
Xoops Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
No description provided by source. html head titleXOOPS Module PopnupBlog = 2.52 postid BLIND SQL Injection Exploit/title script type="text/javascript" //'=============================================================================================== //'Script Name: XOOPS Module PopnupBlog = 2.52...
XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
Exploit for unknown platform in category web applications ==================================================================== XOOPS Module PopnupBlog XOOPS Module PopnupBlog //'=============================================================================================== //'Script Name: XOOPS...