CVE-2006-5080
https://notcve.org/view.php?id=CVE-2006-5080
Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función de búsqueda en Six Apart Movable Type 3.3 a 3.32, y Movable Type Enterprise 1.01 y 1.02, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://jvn.jp/jp/JVN%2368295640/index.html http://secunia.com/advisories/22109 http://www.osvdb.org/29177 http://www.securityfocus.com/bid/20228 http://www.sixapart.com/movabletype/news/2006/09/mt_333-mte_103_updates.html http://www.vupen.com/english/advisories/2006/3779 https://exchange.xforce.ibmcloud.com/vulnerabilities/29183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-4689
https://notcve.org/view.php?id=CVE-2005-4689
Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html •
CVE-2005-4690
https://notcve.org/view.php?id=CVE-2005-4690
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://secunia.com/advisories/16899 http://www.securityfocus.com/bid/15302 •
CVE-2005-3101
https://notcve.org/view.php?id=CVE-2005-3101
The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://secunia.com/advisories/16899 http://www.securityfocus.com/bid/14911 •
CVE-2005-3103
https://notcve.org/view.php?id=CVE-2005-3103
Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://secunia.com/advisories/16899 •