7698 matches found
sBLOG search.php keyword Parameter SQL Injection
The remote host is running sBLOG, a PHP-based blog application. The installed version of sBLOG fails to validate user input to the 'keyword' parameter of the 'search.php' script before using it to generate database queries. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated attacker...
Blog Mod <= 0.2.x SQL Injection
==================== Discovered by: Qex Date: 28 April 2006 ==================== /weblogposting.php?mode=quote&r=SQL&w=1...
CVE-2006-2127
SQL injection vulnerability in weblogposting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter...
Sql injection
SQL injection vulnerability in weblogposting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter...
CVE-2006-2127
CVE-2006-2127 affects Blog Mod 0.2.x; a SQL injection in weblog_posting.php allows remote attackers to execute arbitrary SQL via the r parameter, with a base risk score of 6.4 (Medium). No explicit remediation or exploit details are provided in the connected documents.
CVE-2006-2127
SQL injection vulnerability in weblogposting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter...
Blog 0.2.30.2.4 Mod - Weblog_posting.php SQL Injection
Blog 0.2.30.2.4 Mod - Weblogposting.php SQL Injection source: https://www.securityfocus.com/bid/17744/info Blog Mod is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful...
CVE-2006-2004
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the 1 username or 2 password fields...
Sql injection
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the 1 username or 2 password fields...
CVE-2006-2004
CVE-2006-2004 describes multiple SQL injection vulnerabilities in RI Blog 1.1 that allow remote attackers to execute arbitrary SQL commands through the (1) username or (2) password fields. The CVSS base score is 7.5 (HIGH) with network attack vector, low complexity, and no authentication required...
CVE-2006-2004
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the 1 username or 2 password fields...
CVE-2006-1893
Cross-site scripting XSS vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 website parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2006-1899
Multiple cross-site scripting XSS vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 website parameters...
CVE-2006-1899
CVE-2006-1899 affects dev Neuron Blog 1.1 and earlier, with multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. The issue stems from insufficient input sanitization in these fields, ena...
CVE-2006-1899
Multiple cross-site scripting XSS vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 website parameters...
CVE-2006-1893
CVE-2006-1893 describes a cross-site scripting (XSS) vulnerability in the print.php component of ar-blog 5.2, exploitable via the id parameter to inject arbitrary script/HTML. The vulnerability is documented across multiple sources (NVD, CVE List, PRION, etc.), with the impact described as enabli...
CVE-2006-1893
Cross-site scripting XSS vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Neuron Blog <= 1.1 XSS
==================== Discovered by: Qex Date: 17 April 2006 ==================== Add comment :- name: XSS e-mail: website: XSS...