RSS   Vulnerabilities for 'Aoblogger'   RSS

2006-01-18
 
CVE-2006-0312

 

 
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.

 
 
CVE-2006-0311

 

 
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

 
 
CVE-2006-0310

 

 
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.

 


Copyright 2017, cxsecurity.com