27 matches found
EUVD-2007-4057
Malware in sbrugna...
EUVD-2007-4055
Malware in sbrugna...
EUVD-2007-4056
Malware in sbrugna...
Webbler CMS 3.1.3 Mail A Friend Open Email Relay Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25045/info The 'webbler' is prone to an open-email-relay vulnerability. An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may...
Webbler CMS 3.1.3 Index.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25040/info The 'webbler' is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
CVE-2007-4073
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks...
CVE-2007-4071
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter...
Design/Logic Flaw
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks...
CVE-2007-4072
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php...
Design/Logic Flaw
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter...
CVE-2007-4071
CVE-2007-4071 (Webbler CMS) — Multiple XSS vulnerabilities in the uploader/index.php component allow remote attackers to inject arbitrary script/HTML via the (1) page or (2) login parameter. Affected: Webbler CMS versions before 3.1.6. Impact: potential for arbitrary script execution in the victi...
CVE-2007-4071
Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter...
CVE-2007-4072
Webbler CMS before 3.1.6 provides the full installation path within HTML comments in certain documents, which allows remote attackers to obtain sensitive information by viewing the HTML source, as demonstrated by viewing the source generated from index.php...
CVE-2007-4072
Webbler CMS before 3.1.6 exposes the full installation path inside HTML comments in certain documents, enabling remote attackers to obtain sensitive information by viewing the HTML source (e.g., the index.php page). The affected component is Webbler CMS, with the root cause being path disclosure ...
CVE-2007-4073
Webbler CMS is affected up to version 3.1.5 (prior to 3.1.6). The vulnerability arises from insufficient validation of the "mail a friend" form, allowing remote attackers to cause the system to send forged emails. The issue is a misuse of an input form rather than a separate exploit channel, en...
CVE-2007-4073
Webbler CMS before 3.1.6 does not properly restrict use of "mail a friend" forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks...
ProCheckUp Security Advisory 2007.18
PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1). This advisory has been published following consultation with UK CPNI (formerly known as NISCC). Date Found: 14th June 2007. Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as...
ProCheckUp Security Advisory 2007.19
PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2). This advisory has been published following consultation with UK CPNI (formerly known as NISCC). Date Found: 14th June 2007. Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as...
PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)
PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2). This advisory has been published following consultation with UK CPNI (formerly known as NISCC). Date Found: 14th June 2007. Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as...