15 matches found
EUVD-2005-2193
Malware in sbrugna...
sphpblog-csrf.txt
SimplePHPBlog Cross Site Request Forgeries Tested on v0.4.9 Discovered by: Demential Web: http://hackish.altervista.org E-mail: deme at hackish dot eu SimplePHPBlog website: http://www.simplephpblog.com/ - posting img=addblock.php?action=delete&blockid= in a comment where is an ID of a block, whe...
Multiple CSRF in SimplePHPBlog
SimplePHPBlog Cross Site Request Forgeries Tested on v0.4.9 Discovered by: Demential Web: http://hackish.altervista.org E-mail: deme at hackish dot eu SimplePHPBlog website: http://www.simplephpblog.com/ - posting img=addblock.php?action=delete&blockid= in a comment where is an ID of a block, whe...
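SimplePHPBlog img_upload_cgi.php Arbitrary File Upload Vulnerability
SimplePHPBlog is a PHP-based weblog program. Scripts included in SimplePHPBlog do not correctly handle user-submitted input, so a remote attacker can exploit the vulnerability to upload arbitrary files and execute them with the privileges of the web server. The problem is that the imguploadcgi.php script lacks proper filtering of user-submitted upload files; submitting malicious data can lead to arbitrary files being uploaded and executed with the privileges of the web server. SimplePHPBlog 0.4.9 No solution is currently available: http://www.simplephpblog.com/...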
Simple PHP Blog <= 0.4.0 Multiple Remote Exploits
No description provided by source. !/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1...
Simple PHP Blog 0.4.0 - Multiple Remote s
!/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1 Description: This program is for...
Simple PHP Blog <= 0.4.0 Multiple Remote Exploits
Exploit for unknown platform in category web applications ================================================= Simple PHP Blog order allow,deny deny from all order allow,deny deny from all --------------------- Snip .htaccess end --------------------- Solution 3 See...
sphpblog_vulns.pl.txt
!/usr/bin/perl -w =============================================================================== Title: sphpblogvulns.pl Written by: Kenneth F. Belva, CISSP Franklin Technologies Unlimited, Inc. http://www.ftusecurity.com Date: August 25, 2005 Version: 0.1 Description: This program is for...
SimplePHPBlog Arbitrary File Deletion and Sample Exploit
SimplePHPBlog has a vulnerability in its commentdeletecgi.php. The PHP script allows for the arbitrary deletion of files. Please see following link for a perl script to demonstrate the exploit: http://www.ftusecurity.com/pub/sphpblogvulns Please add .pl extension as my ISP server preprocesses the...
[EXPL] SimplePHPBlog Password Disclosure (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2005-2192
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack...
CVE-2005-2192
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack...
CVE-2005-2192
CVE-2005-2192 affects SimplePHPBlog 0.4.0 where password hashes are stored in config/password.txt with insufficient access control. These weak file permissions could allow remote attackers to read password hashes and perform brute force attacks to obtain passwords, impacting confidentiality. The a...
SimplePHPBlog 0.4.0 <= Remote Password Disclosure
Where is the security? ... Security Advisory 2005-0x00 Authors......... pjphem && LazyCrs Date............ 07/07/2005 Vendor.......... www.simplephpblog.com Type............ SimplePHPBlog 0.4.0 = Remote Password Disclosure o The Problem:...
simplephpBlog040.txt
Where is the security? ... Security Advisory 2005-0x00 Authors......... pjphem && LazyCrs Date............ 07/07/2005 Vendor.......... www.simplephpblog.com Type............ SimplePHPBlog 0.4.0 = Remote Password Disclosure o The Problem:...