5 matches found
SQL injection
SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter...
CVE-2006-2701
SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission...
Path traversal
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php...
SQL injection
SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission...
CVE-2006-2699
Geokay: CVE-2006-2699 is a documented Cross-site Scripting (XSS) vulnerability in Geeklog 1.4.0sr2 and earlier. The flaw exists in getimage.php’s show action where the image parameter can be exploited to inject arbitrary HTML or web script, enabling remote attackers to run injected content in a v...