15 matches found
EUVD-2005-2193
Malware in sbrugna...
sphpblog-csrf.txt
SimplePHPBlog Cross Site Request Forgeries Tested on v0.4.9 Discovered by: Demential Web: http://hackish.altervista.org E-mail: deme at hackish dot eu SimplePHPBlog website: http://www.simplephpblog.com/ - posting img=addblock.php?action=delete&blockid= in a comment where is an ID of a block, whe...
Multiple CSRF in SimplePHPBlog
SimplePHPBlog Cross Site Request Forgeries Tested on v0.4.9 Discovered by: Demential Web: http://hackish.altervista.org E-mail: deme at hackish dot eu SimplePHPBlog website: http://www.simplephpblog.com/ - posting img=addblock.php?action=delete&blockid= in a comment where is an ID of a block, whe...
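SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability
SimplePHPBlog is a PHP-based weblog program. A script included with SimplePHPBlog does not correctly handle user-submitted input; a remote attacker can exploit the vulnerability to upload arbitrary files and execute them with the privileges of the web server. The problem is that the img_upload_cgi.php script lacks proper filtering of user-submitted upload files, so submitting malicious data can result in arbitrary files being uploaded and executed with the privileges of the web server. SimplePHPBlog 0.4.9 No solution is currently available: http://www.simplephpblog.com/...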
Simple PHP Blog <= 0.4.0 Multiple Remote Exploits
No description provided by source. !/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1...
Simple PHP Blog <= 0.4.0 Multiple Remote Exploits
Exploit for unknown platform in category web applications ================================================= Simple PHP Blog order allow,deny deny from all order allow,deny deny from all --------------------- Snip .htaccess end --------------------- Solution 3 See...
Simple PHP Blog 0.4.0 - Multiple Remote s
!/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1 Description: This program is for...
sphpblog_vulns.pl.txt
!/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1 Description: This program is for...
SimplePHPBlog Arbitrary File Deletion and Sample Exploit
SimplePHPBlog has a vulnerability in its commentdeletecgi.php. The PHP script allows for the arbitrary deletion of files. Please see following link for a perl script to demonstrate the exploit: http://www.ftusecurity.com/pub/sphpblogvulns Please add .pl extension as my ISP server preprocesses the...
[EXPL] SimplePHPBlog Password Disclosure (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2005-2192
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack...
CVE-2005-2192
CVE-2005-2192 affects SimplePHPBlog 0.4.0, where password hashes are stored in config/password.txt with insufficient access control. These weak file permissions could allow remote attackers to read password hashes and perform brute force attacks to obtain passwords, impacting confidentiality. The a...
simplephpBlog040.txt
Where is the security? ... Security Advisory 2005-0x00 Authors......... pjphem && LazyCrs Date............ 07/07/2005 Vendor.......... www.simplephpblog.com Type............ SimplePHPBlog 0.4.0 = Remote Password Disclosure o The Problem:...
SimplePHPBlog 0.4.0 <= Remote Password Disclosure
Where is the security? ... Security Advisory 2005-0x00 Authors......... pjphem && LazyCrs Date............ 07/07/2005 Vendor.......... www.simplephpblog.com Type............ SimplePHPBlog 0.4.0 = Remote Password Disclosure o The Problem:...