24 matches found
EUVD-2011-3796
Malware in sbrugna...
EUVD-2011-3793
Malware in sbrugna...
EUVD-2011-3792
Malware in sbrugna...
EUVD-2011-3795
Malware in sbrugna...
EUVD-2011-3794
Malware in sbrugna...
CVE-2011-3836
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
CVE-2011-3838
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3839
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...
CVE-2011-3835
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
Sql injection
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
Directory traversal
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3839
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...
CVE-2011-3835
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
CVE-2011-3838
Technical details about CVE-2011-3838 are not publicly provided in the connected documents. The available sources only reiterate SQL injection in Wuzly 2.0 without version/impact details. Monitor for updates.
CVE-2011-3835
Wuzly 2.0 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote injection of scripts via numerous parameters in admin/, mobile/, and index.php pages (e.g., Referer header in admin/login.php/admin/404.php, q in search.php, theme_name in theme_settings.php, username in admi...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3836
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...