5 results (0.007 seconds)

CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 1

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. admin/index.php en Maian Weblog 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtención de acceso administrativo, enviando una cookie arbitraria weblog_cookie. • https://www.exploit-db.com/exploits/6064 http://secunia.com/advisories/30943 http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30209 https://exchange.xforce.ibmcloud.com/vulnerabilities/43751 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter. Vulnerabilidad de salto de directorio en index.php de Archangel Weblog 0.90.02 permite a atacantes remotos leer archivos de su eleción mediante un .. (punto punto) en el parámetro index. • https://www.exploit-db.com/exploits/3859 http://osvdb.org/41731 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Archangel Management Archangel Weblog 0.90.02 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de las secciones (1) nombre (Name) o (2) comentario (Comment). • http://securityreason.com/securityalert/1360 http://securitytracker.com/id?1016670 http://www.securityfocus.com/archive/1/442580/100/0/threaded http://www.securityfocus.com/bid/19432 https://exchange.xforce.ibmcloud.com/vulnerabilities/28287 •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2

Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. Archangel Weblog 0.90.02 permite a atacantes remotos eludir la autenticación estableciendo la cookie ba_admin a 1. • https://www.exploit-db.com/exploits/27324 http://securitytracker.com/id?1015689 http://www.osvdb.org/23620 http://www.securityfocus.com/archive/1/426184/100/0/threaded http://www.securityfocus.com/bid/16848 https://exchange.xforce.ibmcloud.com/vulnerabilities/24984 https://www.exploit-db.com/exploits/3859 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. Vulnerabilidad incluida en el archivo remoto PHP en admin/index.php en Archangel Weblog 0.90.02 permite a administradores remotos autenticados ejecutar código PHP arbitrario a través de una URL que termina en NULL (%00) en el parámetro index. • http://securitytracker.com/id?1015689 http://www.osvdb.org/23621 http://www.securityfocus.com/archive/1/426184/100/0/threaded http://www.securityfocus.com/bid/16848 https://exchange.xforce.ibmcloud.com/vulnerabilities/25142 • CWE-94: Improper Control of Generation of Code ('Code Injection') •