23 matches found
EUVD-2011-3796
Malware in sbrugna...
EUVD-2011-3793
Malware in sbrugna...
EUVD-2011-3792
Malware in sbrugna...
EUVD-2011-3795
Malware in sbrugna...
CVE-2011-3836
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
CVE-2011-3838
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3839
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...
CVE-2011-3835
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
Sql injection
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to fp.php, 2 epage parameter to newpage.php, 3 epost parameter to newpost.php, and 4 username parameter to login.php in admin/; or the 5 username parameter to...
Directory traversal
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to 1 admin/login.php and 2 admin/404.php; the 3 q parameter to search.php; the 4 themename parameter to themesettings.php, 5 extensionname parameter ...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
CVE-2011-3837
Directory traversal vulnerability in blogsystem/datafunctions.php in Wuzly 2.0 allows remote attackers to read arbitrary files via a .. dot dot in the preview parameter to index.php...
CVE-2011-3839
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...
CVE-2011-3838
Technical details about CVE-2011-3838 are not publicly provided in the connected documents. The available sources only reiterate SQL injection in Wuzly 2.0 without version/impact details. Monitor for updates.
CVE-2011-3835
Wuzly 2.0 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote injection of scripts via numerous parameters in admin/, mobile/, and index.php pages (e.g., Referer header in admin/login.php/admin/404.php, q in search.php, theme_name in theme_settings.php, username in admi...
CVE-2011-3837
CVE-2011-3837 concerns a directory traversal vulnerability in Wuzly 2.0. The affected component is blog_system/data_functions.php, with the root cause being improper handling of the preview parameter in index.php, allowing remote attackers to read arbitrary files via .. (dot dot). Public referenc...
CVE-2011-3836
Multiple cross-site request forgery CSRF vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator, 2 perform cross-site scripting XSS, 3 perform SQL injection, or have other unspecified impact via unknown vectors...
CVE-2011-3839
Summary: CVE-2011-3839 affects Wuzly 2.0. The vulnerability is an authentication bypass in the administration functionality caused by setting the dXNlcm5hbWU cookie, enabling remote attackers to bypass authentication. The impact per the metrics is partial confidentiality, integrity, and availabil...