46 matches found
EUVD-2007-4086
Malware in sbrugna...
EUVD-2007-5788
Malware in sbrugna...
EUVD-2006-2190
Malware in sbrugna...
EUVD-2006-1139
Malware in sbrugna...
EUVD-2006-0109
Malware in sbrugna...
EUVD-2007-1795
Malware in sbrugna...
sBlog 0.7.2 comments_do.php Multiple Variable POST Method XSS
No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
sBlog 0.7.2 search.php keyword Variable POST Method XSS
No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
CVE-2007-5818
Cross-site request forgery CSRF vulnerability in blockseditdo.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in blockseditdo.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators...
CVE-2007-5818
The vulnerability affects sBlog 0.7.3 Beta, specifically the blocks_edit_do.php handler, where a cross-site request forgery (CSRF) could allow an attacker to change arbitrary blocks as an administrator. The description states the risk as enabling an attacker to perform admin-level changes via CSR...
CVE-2007-5818
Cross-site request forgery CSRF vulnerability in blockseditdo.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators...
sBlog 0.7.3 Beta Cross Site Request Forgery
!-- - Product : sBlog - - Version : 0.7.3 Beta - - Website : http://www.sblog.se - - Author : 0x90 - - Homepage: WwW.0x90.CoM.Ar - - Contact : Gunsat0x90dotcomdotar - - Problem : Cross Site Request Forgery Vulnerability - - Sumary : sBlog has, by default, no CSRF protection, this may allow an...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/ sequence in the search string...
CVE-2007-4102
Cross-site scripting XSS vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/ sequence in the search string...
CVE-2007-4102
The CVE-2007-4102 entry describes a Cross-site Scripting (XSS) flaw in sBlog 0.7.3 Beta, specifically in search.php. The vulnerability allows remote attackers to inject arbitrary HTML and script via a leading '"/> sequence in the search string. Impact is stated as HTML/script injection without...
sblog073-xss.txt
sBlog 0.7.3 Beta XSS Vulnerabilitie Found by 0x90 www.0x90.com.ar msn & mail: [email protected] in blog http://host/blog/search.php use '"/ Welcome to the jungle!...
sBlog 0.7.3 Beta XSS Vulnerabilitie
sBlog 0.7.3 Beta XSS Vulnerabilitie Found by 0x90 www.0x90.com.ar msn & mail: [email protected] in blog http://host/blog/search.php use "//script src=http://yoursite.com/evil.js Welcome to the jungle!...
CVE-2007-1801
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. dot dot in the conflangdefault parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by...
Directory traversal
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. dot dot in the conflangdefault parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by...