7697 matches found
CVE-2006-0661
The CVE-2006-0661 entry concerns a Cross-Site Scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host, exploitable via the BBcode [url] tag to inject arbitrary script/HTML. Affected components: Scriptme SmE GB Host 1.21 and SmE Blog Host. Root cause and impact: XSS allowing r...
[SA18786] SmE GB Host / Blog Host "url" BBcode Script Insertion
TITLE: SmE GB Host / Blog Host "url" BBcode Script Insertion SECUNIA ADVISORY ID: SA18786 VERIFY ADVISORY: http://secunia.com/advisories/18786/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: SmE GB Host 1.x http://secunia.com/product/7949/ SmE Blog Host...
SQL injection
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter...
CVE-2006-0563
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action...
CVE-2006-0562
Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter...
CVE-2006-0563
PluggedOut Blog 1.9.9c has a SQL injection vulnerability in exec.php, exploitable via the entryid parameter in the comment_add action. This allows remote attackers to execute arbitrary SQL commands. The vulnerability is rated HIGH (CVSS v2 base score 7.5) by NVD, but the provided documents do not...
CVE-2006-0562
The CVE-2006-0562 entry describes a Cross-site Scripting (XSS) vulnerability in PluggedOut Blog 1.9.9c, where an attacker can inject arbitrary web script or HTML through the data parameter of problem.php. The vulnerability enables an attacker to execute script in a user’s browser, with the impact...
PluggedOut-1.9.9c.txt
PluggedOut Blog SQL INJECTION and XSS PluggedOut Blog is an open source script you can run on your web server to give you an online multi-user journal or diary. It can be used equally well for any kind of calendar application. Rather than give you a thousand things you don't really want...
PluggedOut Blog SQL injection and XSS
PluggedOut Blog SQL INJECTION and XSS PluggedOut Blog is an open source script you can run on your web server to give you an online multi-user journal or diary. It can be used equally well for any kind of calendar application. Rather than give you a thousand things you don't really want...
CVE-2005-4690
CVE-2005-4690 relates to Six Apart Movable Type 3.16, where local users with blog-creation privileges can create or overwrite arbitrary files (e.g., HTML and image files) by selecting an arbitrary directory as the blog’s top-level directory. Note that this issue can be exploited in conjunction wi...
CVE-2006-0462
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter...
SQL injection
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter...
CVE-2006-0462
CVE-2006-0462 describes a SQL injection vulnerability in comentarios.php of AndoNET Blog version from 2004-09-02. The flaw allows remote attackers to execute arbitrary SQL commands through the entrada parameter, enabling potentially unauthorized data access or modification. The CVSS base score is...
[eVuln] AndoNET Blog SQL Injection Vulnerability
New eVuln Advisory: AndoNET Blog SQL Injection Vulnerability http://evuln.com/vulns/50/summary.html --------------------Summary---------------- Software: AndoNET Blog Software's Web Site: http://www.andonet.tk/ Versions: 2004.09.02 Critical Level: Moderate Type: SQL Injection Class: Remote Status...
AndoNET Blog 2004.9.2 - 'Comentarios.php' SQL Injection
source: https://www.securityfocus.com/bid/16393/info AndoNET Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise t...
AndoNET Blog 2004.9.2 - Comentarios.php SQL Injection
AndoNET Blog 2004.9.2 - Comentarios.php SQL Injection source: https://www.securityfocus.com/bid/16393/info AndoNET Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successfu...