266 matches found
PT-2024-24042 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.0.x through 3.0.31 a-blog cms versions 3.1.x through 3.1.11 Description: A code injection issue exists, allowing a user with administrator or higher privilege who can log in to the product to execute an arbitrary command...
PT-2024-24041 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12 a-blog cms versions prior to 3.0.32 a-blog cms versions prior to 2.11.61 a-blog cms versions prior to 2.10.53 a-blog cms version 2.9 and earlier Description: A cross-site scripting issue exists, allowing a...
PT-2024-24040 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12 a-blog cms versions prior to 3.0.32 a-blog cms versions prior to 2.11.61 a-blog cms versions prior to 2.10.53 a-blog cms version 2.9 and earlier Description: A directory traversal vulnerability exists in...
PT-2024-23345 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12 a-blog cms versions prior to 3.0.32 a-blog cms versions prior to 2.11.61 a-blog cms versions prior to 2.10.53 a-blog cms version 2.9 and earlier Description: A cross-site scripting vulnerability exists in...
PT-2024-23347 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.0.x through 3.0.31 a-blog cms versions 3.1.x through 3.1.11 Description: A server-side request forgery SSRF issue exists, allowing a user with administrator or higher privilege who can log in to the product to obtain...
a-blog cms 安全漏洞
a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms versions before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, and before Ver.2.10.53, which originated from a vulnerability that allows an attacker to log in to the product and execute...
a-blog cms 安全漏洞
a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms versions before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, and before Ver.2.10.53, which originates from a vulnerability that could allow an attacker to log in to the product and obtain...
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
CVE-2024-27279
CVE-2024-27279 describes a directory traversal vulnerability in a-blog cms affecting multiple release branches: 3.1.x (up to 3.1.9), 3.0.x (up to 3.0.30), 2.11.x (up to 2.11.59), 2.10.x (up to 2.10.51), and 2.9 and earlier. A user with editor or higher privileges who can log in may obtain arbitra...
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
PT-2024-21789 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.1.x through 3.1.9 and earlier a-blog cms versions 3.0.x through 3.0.30 and earlier a-blog cms versions 2.11.x through 2.11.59 and earlier a-blog cms versions 2.10.x through 2.10.51 and earlier a-blog cms version 2.9 and...
a-blog cms security breach
a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms. An attacker can exploit the vulnerability to obtain arbitrary files on the server, including password files...
JVN#48443978: a-blog cms vulnerable to directory traversal
a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. Solution Update t...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
Spoofing
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
a-blog cms vulnerable to URL spoofing
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains an URL spoofing vulnerability CWE-451. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
CVE-2024-25559
CVE-2024-25559 affects a-blog cms versions 3.1.0 through 3.1.8.1 The vulnerability is a URL spoofing issue that can force the administrator to visit an arbitrary website when clicking a link in the audit log, triggered by a specially crafted request. The root cause is exposure of trusted navigati...