14 matches found
EUVD-2009-4333
Malware in sbrugna...
EUVD-2009-4334
Malware in sbrugna...
EUVD-2009-4332
Malware in sbrugna...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add a blog via the addblog action, 2 approve a comment via the approvecomment action, 3 change administrator...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...
CVE-2009-4366
Cross-site scripting XSS vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...
CVE-2009-4364
Cross-site scripting XSS vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2009-4365
Multiple cross-site request forgery CSRF vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add a blog via the addblog action, 2 approve a comment via the approvecomment action, 3 change administrator...
CVE-2009-4365
Multiple cross-site request forgery CSRF vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add a blog via the addblog action, 2 approve a comment via the approvecomment action, 3 change administrator...
CVE-2009-4364
Cross-site scripting XSS vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2009-4366
ScriptsEz Ez Blog 1.0 contains a cross-site scripting (XSS) vulnerability in index.php where the yr parameter in a bmonth action can be used to inject arbitrary web script/HTML. CVE-2009-4366 has CVSSv2 base score 4.3 (Medium); attack vector: Network; authentication: None; confidentiality impact:...
CVE-2009-4364
CVE-2009-4364 describes a Cross-site Scripting (XSS) vulnerability in the ScriptsEz Ez Blog, affecting the application’s index.php where the cname parameter can inject arbitrary web script/HTML (related to the act and id parameters). The root cause is insufficient input validation on cname. Impac...
CVE-2009-4365
CVE-2009-4365 describes multiple cross-site request forgery (CSRF) vulnerabilities in admin.php of ScriptsEz Ez Blog 1.0. The issue allows remote attackers to hijack administrator sessions and perform actions such as adding a blog (add_blog), approving comments (approve_comment), changing adminis...