24 matches found
EUVD-2004-2339
Malware in sbrugna...
EUVD-2004-2119
Malware in sbrugna...
File upload vulnerability in web-blogs
web-blog is a web personal blog management system. A file upload vulnerability exists in web-blog. An attacker can exploit the vulnerability to upload arbitrary php scripts to gain server control privileges...
ASP-Rider Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11933/info A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An...
Leif M. Wright Web Blog 1.1 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9517/info Web Blog is prone to a file disclosure vulnerability. Remote attackers may gain access to files on the system hosting the server that reside outside of the server root by submitting a malicious request that...
Phishers hijacking Facebook Pages using apps
Another phishing campaign came into action recently, targeting Facebook accounts and company pages with millions of followers. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. Not a new method, but a very creative phishing example in Facebook hacking...
Webify Product Series - Multiple Web Vulnerabilities
Document Title: Webify Product Series - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=598 Release Date: 2012-06-09. Vulnerability Laboratory ID (VL-ID): 598...
Safari For Windows SGV Denial Of Service
Safari for Windows Invalid SGV text style Webkit.dll DoS. Vendor URL: www.apple.com Advisory: http://lostmon.blogspot.com/2010/08/safari-for-windows-invalid-sgv-text.html Vendor notified: Yes. Exploit available: Yes. Safari browser for Windows is prone to a denial-of-service condition, this...
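Movable Type Cross-Site Scripting and Security Bypass Vulnerabilities
Bugtraq ID: 35471 Movable Type is a web-based blogging system. Movable Type has multiple security issues that remote attackers can exploit to obtain sensitive information or bypass security restrictions. - mt-wizard.cgi has an unspecified input validation issue that attackers can exploit to execute arbitrary HTML and script code in the context of the user's browser. - mt-wizard.cgi has an unspecified error that allows some security restrictions to be bypassed. Movable Type Movable Type Pro 4.25 Movable Type Movable Type Pro 4.24 Movable Type Movable Type Open Source 4.25...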
greymatterXSS.txt
Greymatter - Perl-based web blog. offsite: http://www.greymatterforums.com/ GM analyzes posted comments, and if a post contains some dangerous code like , the administrator gets a message about it in the log files. The log files contain not only the message but also the dangerous code. When the admin tries to look at the log files Admin...
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests...
CVE-2004-2347
The CVE-2004-2347 entry applies to Leif M. Wright Web Blog (blog.cgi) versions 1.1 and 1.1.5. The vulnerability arises in the ViewFile request’s file parameter, where shell metacharacters (e.g., |) enable remote command execution. Impact is remote arbitrary commands executed with the web server u...
CVE-2004-2127
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable...
CVE-2004-2127
CVE-2004-2127 concerns a directory traversal in Web Blog 1.1 that allows remote attackers to read arbitrary files via a .. in the file variable. The affected component is the Web Blog 1.1 application; root cause is improper handling of the file parameter enabling traversal to parent directories. ...
serendipity SQL Injection vulnerability
ADZ Security Team. Info: Program: serendipity web blog system. Version: 0.8beta4. Module: exit.php. Bug type: SQL Injection. Vendor site: http://www.s9y.org/ Vendor Informed: Yes. Bug Info: // code start //....... $links = serendipity_db_query("SELECT link FROM...
ASP-Rider - SQL Injection
ASP-Rider - SQL Injection source: https://www.securityfocus.com/bid/11933/info A remote SQL injection vulnerability reportedly affects ASP-Rider Web blog. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker m...
WordPress Blog HTTP Splitting Vulnerability
No description provided by source. This script is (C) Tenable Network Security if(description) { script_id(15443); script_bugtraq_id(11348); script_version("$Revision: 1.1 $"); name["english"] = "WordPress HTTP Splitting Vulnerability"; script_name(english:name["english"]); desc["english"] = " The remote host is running...
Web Blog 1.1 Remote Execute Commands Bug
Product: Web Blog 1.1 Remote Execute Commands Bug Affected Versions: 1.1.5 Bug: Command Remote Execution Credits: n3rd - Lit Security Solutions LiSS Affix in irc.brasnet.org Vendor: http://leifwright.com Exploiting:...
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
The remote host is running LeifWright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. %NASLMINLEVEL 70300 C Tenable Network...