Lucene search
+L

266 matches found

Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.7 views

PT-2024-24042 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.0.x through 3.0.31 a-blog cms versions 3.1.x through 3.1.11 Description: A code injection issue exists, allowing a user with administrator or higher privilege who can log in to the product to execute an arbitrary command...

6.6CVSS7.5AI score0.00414EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.4 views

PT-2024-24041 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12 a-blog cms versions prior to 3.0.32 a-blog cms versions prior to 2.11.61 a-blog cms versions prior to 2.10.53 a-blog cms version 2.9 and earlier Description: A cross-site scripting issue exists, allowing a...

6.1CVSS6.3AI score0.00304EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.7 views

PT-2024-24040 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12 a-blog cms versions prior to 3.0.32 a-blog cms versions prior to 2.11.61 a-blog cms versions prior to 2.10.53 a-blog cms version 2.9 and earlier Description: A directory traversal vulnerability exists in...

6.5CVSS6.6AI score0.00739EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.5 views

PT-2024-23345 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12 a-blog cms versions prior to 3.0.32 a-blog cms versions prior to 2.11.61 a-blog cms versions prior to 2.10.53 a-blog cms version 2.9 and earlier Description: A cross-site scripting vulnerability exists in...

5.4CVSS6.2AI score0.00249EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.5 views

PT-2024-23347 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.0.x through 3.0.31 a-blog cms versions 3.1.x through 3.1.11 Description: A server-side request forgery SSRF issue exists, allowing a user with administrator or higher privilege who can log in to the product to obtain...

4.4CVSS6.5AI score0.00317EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

a-blog cms 安全漏洞

a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms versions before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, and before Ver.2.10.53, which originated from a vulnerability that allows an attacker to log in to the product and execute...

6.6CVSS6.9AI score0.00414EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

a-blog cms 安全漏洞

a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms versions before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, and before Ver.2.10.53, which originates from a vulnerability that could allow an attacker to log in to the product and obtain...

6.5CVSS6.6AI score0.00739EPSS
Exploits0References4
NVD
NVD
added 2024/03/12 9:15 a.m.28 views

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...

6.5CVSS6.8AI score0.00832EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/12 8:19 a.m.22 views

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...

6.8AI score0.00832EPSS
Exploits0References2
CVE
CVE
added 2024/03/12 8:19 a.m.71 views

CVE-2024-27279

CVE-2024-27279 describes a directory traversal vulnerability in a-blog cms affecting multiple release branches: 3.1.x (up to 3.1.9), 3.0.x (up to 3.0.30), 2.11.x (up to 2.11.59), 2.10.x (up to 2.10.51), and 2.9 and earlier. A user with editor or higher privileges who can log in may obtain arbitra...

6.5CVSS7AI score0.00832EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/03/12 8:19 a.m.44 views

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...

7.1AI score0.00832EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.4 views

PT-2024-21789 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.1.x through 3.1.9 and earlier a-blog cms versions 3.0.x through 3.0.30 and earlier a-blog cms versions 2.11.x through 2.11.59 and earlier a-blog cms versions 2.10.x through 2.10.51 and earlier a-blog cms version 2.9 and...

6.5CVSS6.7AI score0.00832EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/08 12:0 a.m.5 views

a-blog cms security breach

a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms. An attacker can exploit the vulnerability to obtain arbitrary files on the server, including password files...

6.5CVSS7AI score0.00832EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/08 12:0 a.m.35 views

JVN#48443978: a-blog cms vulnerable to directory traversal

a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. Solution Update t...

6.5CVSS6.7AI score0.00832EPSS
Exploits0
NVD
NVD
added 2024/02/15 5:15 a.m.27 views

CVE-2024-25559

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

4.7CVSS6.5AI score0.00448EPSS
Exploits0References2
Prion
Prion
added 2024/02/15 5:15 a.m.12 views

Spoofing

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

7AI score0.00448EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/15 5:12 a.m.2 views

a-blog cms vulnerable to URL spoofing

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains an URL spoofing vulnerability CWE-451. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.7CVSS6.6AI score0.00448EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/02/15 4:32 a.m.13 views

CVE-2024-25559

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

6.8AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/15 4:32 a.m.24 views

CVE-2024-25559

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

6.7AI score0.00448EPSS
Exploits0References2
CVE
CVE
added 2024/02/15 4:32 a.m.86 views

CVE-2024-25559

CVE-2024-25559 affects a-blog cms versions 3.1.0 through 3.1.8.1 The vulnerability is a URL spoofing issue that can force the administrator to visit an arbitrary website when clicking a link in the audit log, triggered by a specially crafted request. The root cause is exposure of trusted navigati...

4.7CVSS6.7AI score0.00448EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder