24 matches found
EUVD-2011-3792
Malware in sbrugna...
EUVD-2011-3793
Malware in sbrugna...
EUVD-2011-3794
Malware in sbrugna...
EUVD-2011-3795
Malware in sbrugna...
EUVD-2011-3796
Malware in sbrugna...
CVE-2011-3835
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
CVE-2011-3839
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...
CVE-2011-3836
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3838
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
Sql injection
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
Directory traversal
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3839
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...
CVE-2011-3838
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
CVE-2011-3835
Wuzly 2.0 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote injection of scripts via numerous parameters in admin/, mobile/, and index.php pages (e.g., Referer header in admin/login.php/admin/404.php, q in search.php, theme_name in theme_settings.php, username in admi...
CVE-2011-3836
CVE-2011-3836 concerns multiple CSRF vulnerabilities in the Wuzly 2.0 application that allow remote attackers to hijack administrator sessions to perform actions such as (1) adding an administrator, (2) triggering XSS, (3) executing SQL injection, or other unspecified impacts via unknown vectors....
CVE-2011-3836
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...