4 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in mensaje.php in C. Desseno YouTube Blog ytb 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter...
CVE-2008-3306
CVE-2008-3306 targets C. Desseno YouTube Blog (ytb) 0.1. The vulnerability is a SQL injection in info.php that allows remote attackers to execute arbitrary SQL commands via the id parameter (a vector distinct from CVE-2008-3307). Associated records indicate a second, related entry (CVE-2008-3307)...
CVE-2008-3308
CVE-2008-3308 : PHP remote file inclusion in cuenta/cuerpo.php of C. Desseno YouTube Blog (ytb) 0.1. When register_globals is enabled, an attacker can provide a URL in the base_archivo parameter to execute arbitrary PHP code on the server. Affected scenario: vulnerable 0.1 with register_globals. ...
CVE-2008-3305
The CVE-2008-3305 entry describes a Cross-site Scripting (XSS) vulnerability in the C. Desseno YouTube Blog (ytb) 0.1 platform, specifically in the file mensaje.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the m parameter. Concrete details across conne...