SPHPBlog 0.4 Search.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13170/info sphpBlog is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

Simple PHP Blog (SPHPBlog) <= 0.5.1 Code Execution Exploit

No description provided by source. ? / sIMPLE php bLOG 0.5.0 eXPLOIT bY mAXzA 2008 / function curl$url,$postvar global $cook; $ch = curlinit $url ; curlsetopt $ch, CURLOPTRETURNTRANSFER, 1; curlsetopt $ch, CURLOPTHEADER, 1; curlsetopt $ch, CURLOPTREFERER,$url; if strlen$postvar3 $postvar=123;...

Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/21129/info Sphpblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...

Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities

Simple PHP Blog sPHPblog 0.5.1 - Multiple Vulnerabilities Title: Simple PHP Blog sphpblog Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting X X Session Fixation X X mail CRLF Injection X Local File Inclusion +CSRF X X File Deletion +CSRF X X File...

Simple PHP Blog (sPHPblog) 0.5.1 - Multiple Vulnerabilities

Title: Simple PHP Blog sphpblog Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting X X Session Fixation X X mail CRLF Injection X Local File Inclusion +CSRF X X File Deletion +CSRF X X File Upload Vulnerability X X Code Execution +CSRF X X Legend: ...

CVE-2007-5572

The provided records identify CVE-2007-5572 as CSRF vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9. The affected component is the blog’s admin-facing functionality, where remote attackers could trigger delete actions by supplying (1) block_id to add_block.php or (2) link_id to add_link.php. ...

CVE-2007-5072

CVE-2007-5072 affects the Simple PHP Blog (SPHPBlog) prior to version 0.5.1. The root cause is cross-site scripting (XSS) vulnerabilities that occur when register_globals is enabled, allowing remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to files...

CVE-2007-5072

Multiple cross-site scripting XSS vulnerabilities in Simple PHP Blog SPHPBlog before 0.5.1, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain usercolors array parameters to certain userstyle.php files under themes/, as demonstrated by the...

CVE-2006-6032

SPHPBlog (Simple PHP Blog) is affected by XSS in CVE-2006-6032. Concrete details from the connected data show vulnerable code paths in SPHPBlog where input is used without proper validation for two parameters: the action parameter in add_block.php and the entry parameter in index.php. The descrip...

sphpblog08-rfi.txt

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM Sphpblog...

sphpblog08.txt

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM Sphpblog...

Sphpblog =&gt; 0.8 Cross Site Scripting

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM Sphpblog...

Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities

Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21129/info Sphpblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...

Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/21129/info Sphpblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in...

CVE-2005-2733

The CVE-2005-2733 issue affects Simple PHP Blog (SPHPBlog) where upload_img_cgi.php does not properly restrict uploaded file extensions, enabling remote code execution. The vulnerability is documented in NVD with a base score of 7.5 (HIGH) and is evidenced by the SPHPBlog file-upload weakness des...

CVE-2005-1136

CVE-2005-1136 affects Simple PHP Blog (sphpBlog) 0.4.0. The vulnerability arises because the application stores (1) password.txt and (2) config.txt under the web document root, enabling remote attackers to obtain sensitive information by direct requests to these files. This could facilitate passw...

CVE-2005-1137

Vulnerability CVE-2005-1137 affects Simple PHP Blog (sphpBlog) 0.4.0. The issue arises when an attacker directly requests sb_functions.php and triggers a PHP error message that leaks the full filesystem pathname, exposing sensitive information. This is a server-side information disclosure vulnera...

CVE-2005-1136

Simple PHP Blog sphpBlog 0.4.0 stores the 1 password.txt and 2 config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files...

Vulnerabilities in sphpblog

--------------------------------------------------------------------------- Vulnerabilities in sphpblog --------------------------------------------------------------------------- Author: y3dips Date: April, 13th 2005 Location: Indonesia, Jakarta Web: http://echo.or.id/adv/adv012-y3dips-2005.txt...

SPHPBlog 0.4 - search.php Cross-Site Scripting

SPHPBlog 0.4 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13170/info sphpBlog is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...