7738 matches found

NVD
added 2009/12/24 5:30 p.m., 13 views

CVE-2009-4421

Directory traversal vulnerability in languagescgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the bloglanguage1 parameter...

CVSS 6.5, AI score 6.8, EPSS 0.01999
Exploits: 1, References: 4
Prion
added 2009/12/24 5:30 p.m., 19 views

Directory traversal

Directory traversal vulnerability in languagescgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the bloglanguage1 parameter...

CVSS 6.5, AI score 7.2, EPSS 0.01999
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2009/12/24 5:00 p.m., 14 views

CVE-2009-4421

Directory traversal vulnerability in languagescgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the bloglanguage1 parameter...

AI score 6.8, EPSS 0.01999
Exploits: 1, References: 4
CVE
added 2009/12/24 5:00 p.m., 42 views

CVE-2009-4421

CVE-2009-4421 affects Simple PHP Blog

CVSS 6.5, AI score 6.8, EPSS 0.01999
Exploits: 1, References: 4, Affected Software: 1
myhack58
added 2009/12/24 12:00 a.m., 12 views

dvbbs 8.2 reception 0day-vulnerability warning-the black bar safety net

Small aviation blog Use: Posting, the title for the following sql statement, and then comments. 0 for neutral, 1 for support, 2 for the opposition. At this time sql statement is executed Library name: a’,’,1,’hang’,’2008-2-4’,’,2;update//dvuser//set//useremail=dbname//where//username=’hang’-- Add...

AI score 7.5
Exploits: 0
seebug.org
added 2009/12/24 12:00 a.m., 16 views

Hasta Blog v2.3 XSS vulnerability

No description provided by source. Script Name: Hasta Blog; Bug Type: XSS vulnerability; Founder: LionTurk -...

AI score 7.1
Exploits: 0
seebug.org
added 2009/12/22 12:00 a.m., 19 views

Simple PHP Blog <= 0.5.1 Local File Include vulnerability

No description provided by source. INTERNET SECURITY AUDITORS ALERT 2009-005 - Original release date: March 2nd, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS scored...

AI score 7.1
Exploits: 0
exploitpack
added 2009/12/22 12:00 a.m., 11 views

Simple PHP Blog 0.5.1 - Local File Inclusion

Simple PHP Blog 0.5.1 - Local File Inclusion Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in th...

Exploits: 0
seebug.org
added 2009/12/22 12:00 a.m., 19 views

Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability

No description provided by source. Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context ...

AI score 7.1
Exploits: 0
0day.today
added 2009/12/22 12:00 a.m., 22 views

Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications. Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability. Simple PHP Blog is prone to a local file-include vulnerability...

AI score 7.1
Exploits: 0
Exploit DB
added 2009/12/22 12:00 a.m., 29 views

Simple PHP Blog 0.5.1 - Local File Inclusion

Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may...

AI score 7.4
Exploits: 0
NVD
added 2009/12/21 4:30 p.m., 21 views

CVE-2009-4364

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVSS 4.3, AI score 5.6, EPSS 0.01472
Exploits: 0, References: 3
NVD
added 2009/12/21 4:30 p.m., 11 views

CVE-2009-4365

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...

CVSS 4.3, AI score 7.2, EPSS 0.00925
Exploits: 1, References: 4
Prion
added 2009/12/21 4:30 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...

CVSS 4.3, AI score 6.1, EPSS 0.01525
Exploits: 1, References: 4, Affected Software: 1
Prion
added 2009/12/21 4:30 p.m., 12 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...

CVSS 4.3, AI score 7.8, EPSS 0.00925
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2009/12/21 4:30 p.m., 12 views

CVE-2009-4366

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the yr parameter in a bmonth action...

CVSS 4.3, AI score 5.7, EPSS 0.01525
Exploits: 1, References: 4
Prion
added 2009/12/21 4:30 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote attackers to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVSS 4.3, AI score 6.1, EPSS 0.01472
Exploits: 0, References: 3
CVE
added 2009/12/21 4:00 p.m., 38 views

CVE-2009-4364

CVE-2009-4364 describes a Cross-site Scripting (XSS) vulnerability in the ScriptsEz Ez Blog, affecting the application’s index.php where the cname parameter can inject arbitrary web script/HTML (related to the act and id parameters). The root cause is insufficient input validation on cname. Impac...

CVSS 4.3, AI score 5.6, EPSS 0.01472
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2009/12/21 4:00 p.m., 47 views

CVE-2009-4365

CVE-2009-4365 describes multiple cross-site request forgery (CSRF) vulnerabilities in admin.php of ScriptsEz Ez Blog 1.0. The issue allows remote attackers to hijack administrator sessions and perform actions such as adding a blog (add_blog), approving comments (approve_comment), changing adminis...

CVSS 4.3, AI score 7.2, EPSS 0.00925
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2009/12/21 4:00 p.m., 47 views

CVE-2009-4366

ScriptsEz Ez Blog 1.0 contains a cross-site scripting (XSS) vulnerability in index.php where the yr parameter in a bmonth action can be used to inject arbitrary web script/HTML. CVE-2009-4366 has CVSSv2 base score 4.3 (Medium); attack vector: Network; authentication: None; confidentiality impact:...

CVSS 4.3, AI score 5.7, EPSS 0.01525
Exploits: 1, References: 4, Affected Software: 1