NotCVE - vendor:"Archangelmgt" product:"Weblog" version:"0.90.02"

5 results (0.003 seconds)

CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 1

CVE-2008-3318 – Maian Weblog 4.0 - Insecure Cookie Handling

https://notcve.org/view.php?id=CVE-2008-3318

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. admin/index.php en Maian Weblog 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtención de acceso administrativo, enviando una cookie arbitraria weblog_cookie. • https://www.exploit-db.com/exploits/6064 http://secunia.com/advisories/30943 http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30209 https://exchange.xforce.ibmcloud.com/vulnerabilities/43751 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-2574 – Archangel Weblog 0.90.02 - Local File Inclusion / Authentication Bypass

https://notcve.org/view.php?id=CVE-2007-2574

Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter. Vulnerabilidad de salto de directorio en index.php de Archangel Weblog 0.90.02 permite a atacantes remotos leer archivos de su eleción mediante un .. (punto punto) en el parámetro index. • https://www.exploit-db.com/exploits/3859 http://osvdb.org/41731 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-4091

https://notcve.org/view.php?id=CVE-2006-4091

Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Archangel Management Archangel Weblog 0.90.02 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de las secciones (1) nombre (Name) o (2) comentario (Comment). • http://securityreason.com/securityalert/1360 http://securitytracker.com/id?1016670 http://www.securityfocus.com/archive/1/442580/100/0/threaded http://www.securityfocus.com/bid/19432 https://exchange.xforce.ibmcloud.com/vulnerabilities/28287 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-0945

https://notcve.org/view.php?id=CVE-2006-0945

PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. Vulnerabilidad incluida en el archivo remoto PHP en admin/index.php en Archangel Weblog 0.90.02 permite a administradores remotos autenticados ejecutar código PHP arbitrario a través de una URL que termina en NULL (%00) en el parámetro index. • http://securitytracker.com/id?1015689 http://www.osvdb.org/23621 http://www.securityfocus.com/archive/1/426184/100/0/threaded http://www.securityfocus.com/bid/16848 https://exchange.xforce.ibmcloud.com/vulnerabilities/25142 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2

CVE-2006-0944 – Archangel Weblog 0.90.2 - Authentication Bypass

https://notcve.org/view.php?id=CVE-2006-0944

Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. Archangel Weblog 0.90.02 permite a atacantes remotos eludir la autenticación estableciendo la cookie ba_admin a 1. • https://www.exploit-db.com/exploits/27324 http://securitytracker.com/id?1015689 http://www.osvdb.org/23620 http://www.securityfocus.com/archive/1/426184/100/0/threaded http://www.securityfocus.com/bid/16848 https://exchange.xforce.ibmcloud.com/vulnerabilities/24984 https://www.exploit-db.com/exploits/3859 •