Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.
Home | Recent | Sitemap

CVE-2007-3650 (myBloggie)
BugsAlert Home > CVE-2007-3650 (myBloggie)
 
 

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.




Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3650

Learn more about CVE-2007-3650 (myBloggie)
 
Tags: cve-2007-3650 mybloggie

Related Items
      FrSIRT - MyBB Multiple Security Bypass and Cross Site Scripting Vulnerabilities

      The Mozilla Blog: Fennec alpha 2 released

      FrSIRT - DESlock+ "DLMFENC" and "DLMFDISK" Privilege Escalation Issues

      FrSIRT - Debian Security Update Fixes OpenOffice.org Buffer Overflow Issues

      Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP)

      EsFaq 2.0 (idcat) Remote SQL Injection Vulnerability

      FatWire Content Server Two Cross-Site Scripting Vulnerabilities

 
© 2007-2009 BugsAlert.com Original template by Arcsin Hosted By 1and1


Pixel