28 matches found
EUVD-2005-1689
Malware in sbrugna...
EUVD-2006-6523
Malware in sbrugna...
EUVD-2006-4035
Malware in sbrugna...
EUVD-2009-3603
Malware in sbrugna...
CVE-2023-46059
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...
CVE-2023-46059
CVE-2023-46059: A Cross-Site Scripting (XSS) flaw in Geeklog-Core Geeklog v2.2.2 affects the admin/trackback.php component, specifically via the Ping parameter, enabling a remote attacker to execute arbitrary code through a crafted payload. The vulnerability is described across multiple sources a...
WordPress core <= 6.0.2 - Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php
Cross-Site Request Forgery (CSRF) vulnerability in wp-trackback.php discovered by Simon Scannell in WordPress core versions <= 6.0.2. Solution: Update WordPress to the latest available version (at least 6.0.3)...
DotClear 1.2.x /ecrire/trackback.php post_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
myBloggie <= 2.1.4 (trackback.php) Multiple SQL Injections Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo MyBloggie = 2.1.4 trackback.php multiple SQL injections vulnerability /\n; echo administrative credentials disclosure exploit\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n\n; / works...
Loggix Project <= 9.4.5 - Multiple Remote File Include Vulnerability
No description provided by source. In The Name Of Allah Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog :...
MyBloggie 2.1.6 - HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
CVE-2009-3622
CVE-2009-3622 affects WordPress wp-trackback.php. The vulnerability allows remote attackers to cause a denial of service (CPU consumption and server hang) by sending a long title together with a charset parameter consisting of many comma-separated "UTF-8" substrings, exploiting mb_convert_encodin...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5)...
Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. In The Name Of Allah Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog :...
Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities. In The Name Of Allah Loggix...
Loggix Project 9.4.5 - Multiple Remote File Inclusions
In The Name Of Allah Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog : http://sh3ll4u.blogspot.com Dork : No DoRk f0R ScRipT...
CVE-2008-7090
CVE-2008-7090 affects Pligg 9.9 and earlier. Two directory traversal flaws allow remote attackers to (1) check existence of arbitrary files via .. in trackback.php ($tb_url) and (2) include arbitrary files via .. in the template parameter to settemplate.php. Impact per sources: potential file dis...
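sablog 1.6 trackback.php transcoding function injection vulnerability
Sablog-X is a blog system built with PHP and MySQL. As the successor to Sablog, Sablog-X improves further on its predecessor in code quality, runtime efficiency, load capacity, security level, feature controllability and strictness of permissions. Thanks to the Sablog-X author's more than 7 years of security experience and 4 years of PHP development experience, and a design philosophy that is strong on innovation and pursues perfection, Sablog-X has won recognition from a growing number of experts and users in the industry. However, 80sec found a security vulnerability in its code that lets a remote user obtain database privileges through SQL injection, and even obtain administrator privileges. In the transcoding function in sablog's trackback.php function iconv2utf$chs global...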
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...
dotclear-xss.txt
Dotclear 1. Cross Site Scripting Vulnerability 1--two cross site scripting vulnerabilities have been discovered in the dotclear1. allowing ...