CVE-2006-6035 – Blog:CMS 4.1.3 - 'list.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6035
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en list.php de BLOG:CMS 4.1.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro FADDR. • https://www.exploit-db.com/exploits/29095 http://marc.info/?l=bugtraq&m=116387287216907&w=2 http://secunia.com/advisories/23025 http://securitytracker.com/id?1017250 http://www.securityfocus.com/bid/21173 http://www.vupen.com/english/advisories/2006/4598 https://exchange.xforce.ibmcloud.com/vulnerabilities/30385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-4748
https://notcve.org/view.php?id=CVE-2006-4748
Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php. Múltiples vulnerabilidades de inyección SQL en F-ART BLOG:CMS 4.1, permite a un atacante remoto ejecutar comandos SQL de su eleccióna través de lso parámetros 1) xagent, (2) xpath, (3) xreferer, y (4) xdnsen en (a) admin/plugins/NP_Log.php, y el parámetro pitem en (b)admin/plugins/NP_Poll.php; y permite a un usuario remoto validado ejecutar comandos SQL de su elección a través del parámetro (6)pageRef en (c)admin/plugins/NP_Referrer.php. • http://blogcms.com/wiki/changelog http://secunia.com/advisories/21808 http://securityreason.com/securityalert/1566 http://www.hackers.ir/advisories/blogcms.html http://www.osvdb.org/28604 http://www.osvdb.org/28605 http://www.osvdb.org/28606 http://www.securityfocus.com/archive/1/445538/100/0/threaded http://www.securityfocus.com/bid/19909 http://www.vupen.com/english/advisories/2006/3521 https://exchange.xforce.ibmcloud.com/vulnerabilities/28808 •