RSS   Vulnerabilities for 'Aflog'   RSS

2008-10-29
 
CVE-2008-4784

CWE-287
 

 
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.

 
2008-01-23
 
CVE-2008-0398

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.

 


Copyright 2020, cxsecurity.com

 

Back to Top