RSS   Podatności dla 'Php-blogger'   RSS

2007-08-03
 
CVE-2007-4157

CWE-Other
 

 
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.

 
2006-07-11
 
CVE-2006-3514

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top