Weblog Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown...
8AI Score
0.008EPSS
Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.9AI Score
0.002EPSS
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely...
7.3AI Score
0.015EPSS
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as...
7.8CVSS
7.5AI Score
0.001EPSS
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port...
7.5CVSS
7.4AI Score
0.375EPSS
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per...
8.8CVSS
9AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to...
5.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)"...
5.8AI Score
0.002EPSS
Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party...
6.7AI Score
0.003EPSS
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie...
7.3AI Score
0.073EPSS
SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id...
8.4AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4).....
5.8AI Score
0.003EPSS
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date parameter to...
6.9AI Score
0.015EPSS
Multiple cross-site scripting (XSS) vulnerabilities in artmedic webdesign weblog allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to artmedic_print.php and the (2) jahrneu parameter to...
5.8AI Score
0.004EPSS
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story...
8.5AI Score
0.001EPSS
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile...
7.4AI Score
0.009EPSS
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index...
6.7AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than...
5.6AI Score
0.016EPSS
PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before...
7.5AI Score
0.033EPSS
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles...
6.7AI Score
0.02EPSS
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action...
5.6AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment...
6AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG...
5.8AI Score
0.007EPSS
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b)...
8.5AI Score
0.008EPSS
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index...
7.2AI Score
0.005EPSS
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to...
7AI Score
0.042EPSS
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link...
5.8AI Score
0.017EPSS
Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted...
6.2AI Score
0.008EPSS
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP...
6.1AI Score
0.003EPSS
Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error...
6.7AI Score
0.004EPSS
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in...
8.3AI Score
0.004EPSS