27 matches found
EUVD-2011-1946
Malware in sbrugna...
EUVD-2007-2196
Malware in sbrugna...
EUVD-2011-1948
Malware in sbrugna...
EUVD-2011-1947
Malware in sbrugna...
Post Revolution <= 0.7.0 RC 2 (dir) Remote File Inclusion Vulnerability
No description provided by source. Post Revolution Remote File Inclusion. Affected Software: Post Revolution 6.6 / 7.0 Release Candidate 2; Download: http://www.fabio.com.ar/postrev/; Risk: high; Date: 25/3/2007; Found by: InyeXion; Contact:...
CVE-2011-1954
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php...
CVE-2011-1953
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element...
CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a sequence...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element...
CVE-2011-1954
Post Revolution 0.8.0c and earlier is affected by CSRF in multiple endpoints (ajax-weblog-guardar.php, verpost.php, comments.php, perfil.php), enabling remote attackers to hijack user sessions. The vulnerability is described consistently across CVE-2011-1954 entries; the root cause is inadequate ...
CVE-2011-1953
CVE-2011-1953 affects Post Revolution prior to 0.8.0c-2. The vulnerability is a set of XSS flaws in common.php (allowed tags: p, a, strong, em, i, img, li, ol, video, blockquote) that do not sanitize attributes, enabling arbitrary script via tag attributes. A DoS path exists in a loop when removing non-pe...
CVE-2011-1952
CVE-2011-1952 affects Post Revolution up to version 0.8.0c. The DoS arises from a faulty loop in common.php when stripping non-permitted HTML: an attacker can trigger an infinite loop by posting crafted HTML (e.g., a
CVE-2011-1952
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a sequence...
CVE-2011-1954
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php...
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
Info: Name: Post Revolution 0.8.0c Multiple Remote Vulnerabilities; Class: Design Error && Input Validation Error; CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954; Remote: Yes; Local: No; Credit: Javier Bassi (javierbassi at gmail dot com); Vulnerable: All versions prior to and including...
Post Revolution 0.8.0c XSS / XSRF / Denial Of Service
Info: Name: Post Revolution 0.8.0c Multiple Remote Vulnerabilities; Class: Design Error && Input Validation Error; CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954; Remote: Yes; Local: No; Credit: Javier Bassi; Vulnerable: All versions prior to and including 0.8.0c are affected. Vendor...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php...
CVE-2007-2201
Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php...
CVE-2007-2201
CVE-2007-2201 describes multiple PHP remote file inclusion vulnerabilities in Post Revolution versions 6.6 and 7.0 RC2. An attacker can cause arbitrary PHP code execution by supplying a URL in the dir parameter to either the file path common.php or themes/default/preview_post_completo.php. The af...