7736 matches found
Profile of Reality Winner
New York Magazine published an excellent profile of the single-document leaker Reality Winner...
Cells Blog Cross-Site Scripting Vulnerability
Cells Blog is a free but powerful mini blogging system. A cross-site scripting vulnerability exists in Cells Blog 3.5. An attacker can exploit this vulnerability by using the jfdname parameter in the act=showpic request to conduct a cross-site scripting attack...
Cells Blog Cross-Site Scripting Vulnerability (CNVD-2018-00086)
Cells Blog is a free but powerful mini blogging system. A cross-site scripting vulnerability exists in Cells Blog 3.5. An attacker can exploit this vulnerability via the pubreadpost.php fmid parameter to conduct a cross-site scripting attack...
Logic Design Vulnerability in Catfish CMS/Blog System Logins
Catfish CMS is an open source PHP content management system. A logic design vulnerability exists in the Catfish CMS/Blog system login. Attackers can exploit the vulnerability to bypass CAPTCHA verification and carry out unlimited brute-force attacks on the system...
Cells Blog SQL Injection Vulnerability
Cells Blog is a free but powerful mini blogging system. Cells Blog 3.5 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability by using the pubreadpost.php ptid parameter to conduct a SQL injection attack...
CVE-2017-17949
Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...
SQL injection
Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...
Code injection
Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...
CVE-2017-17948
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request...
CVE-2017-17950
Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...
Cross-site request forgery (CSRF)
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request...
CVE-2017-17950
CVE-2017-17950 affects Cells Blog 3.5, where the pub_readpost.php ptid parameter enables SQL injection via user-supplied input. The vulnerability’s impact is described in multiple sources (e.g., NVD and CNVD) as allowing unauthorized access to data with partial to high severity. Exploitation deta...
CVE-2017-17948
Cells Blog 3.5 is affected by a Cross‑Site Scripting (XSS) vulnerability that can be triggered via the jfdname parameter in an act=showpic request. Multiple sources (NVD/NVD mirror, CNVD, Red Hat advisory, CNVD) corroborate the issue, describing XSS in Cells Blog 3.5 and the jfdname parameter pat...
CVE-2017-17949
CVE-2017-17949 applies to Cells Blog 3.5. The vulnerability is a Cross-Site Scripting (XSS) flaw exploited via the pub_readpost.php fmid parameter. The connected sources confirm XSS in Cells Blog 3.5 and describe the vulnerability vector, without providing a specific patch/version, workarounds, o...