58 matches found
UApplication Ublog Reload 1.0.5 - 'Trackback.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13994/info Ublog Reload is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser...
Ublog Reload 1.0.5 - 'blog_comment.asp?y' SQL Injection
source: https://www.securityfocus.com/bid/13991/info Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise ...
[SA15747] Ublog Reload SQL Injection and Cross-Site Scripting
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Ublog Reload 1.0.5 - blog_comment.asp?y SQL Injection
Ublog Reload 1.0.5 - blogcomment.asp?y SQL Injection source: https://www.securityfocus.com/bid/13991/info Ublog Reload is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries...
CVE-2005-1426
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb aka mdb-database/blog.msb...
CVE-2005-1426
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb aka mdb-database/blog.msb...
CVE-2005-1426
Affected software: Ublog Reload (Uapplication Ublog Reload). Vulnerable component: mdb-database/blog.mdb (aka blog.msb) exposed under the web root. Root cause: insufficient access control in the web root enables direct HTTP retrieval of the database by remote attackers. Impact: potential unauthor...
CVE-2005-0925
Cross-site scripting XSS vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2005-0938
Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb...
UblogXSS.txt
PersianHacker.NET 200503-11Ublog reload 1.0.4 and prior Multiple Vulnerbilities Date: 2005 03 Bug Number: 11 Ublog Ublog reload is a complete ASP weblog system. More info @: http://www.uapplication.com Discussion: -------------------- What are the bugs ? 1 Cross-Site Scripting that lets attackers...
[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities
PersianHacker.NET 200503-11Ublog reload 1.0.4 and prior Multiple Vulnerbilities Date: 2005 03 Bug Number: 11 Ublog Ublog reload is a complete ASP weblog system. More info @: http://www.uapplication.com Discussion: -------------------- What are the bugs ? 1 Cross-Site Scripting that lets attackers...
CVE-2005-0938
The CVE concerns Ublog Reload 1.0–1.0.4, where the application stores ublogreload.mdb under the web root. This enables an attacker to read usernames and hashed passwords by making a direct request to ublogreload.mdb, exposing authentication data. The underlying issue is exposure of the MDB databa...
CVE-2005-0938
Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb...
CVE-2005-0925
Cross-site scripting XSS vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2005-0925
CVE-2005-0925 affects Ublog Reload 1.0–1.0.4. Affected component: login.asp, vulnerable parameter: msg, enabling Cross‑site Scripting (XSS) by remote attackers to inject arbitrary script/HTML. Impact aligns with partial integrity concerns and no confidentiality/availability loss per CVSS—base 4.3...
Ublog < 1.0.5 login.asp msg Parameter XSS
Binary data 2776.prm...
UApplication Ublog 1.0.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/12931/info Ublog is affected by a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentia...
UApplication Ublog 1.0.x - Cross-Site Scripting
UApplication Ublog 1.0.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/12931/info Ublog is affected by a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate th...