Lucene search
K

362 matches found

CVE
CVE
added 2017/04/20 5:0 p.m.48 views

CVE-2016-4849

CVE-2016-4849 concerns Geeklog IVYWE edition 2.1.1. The vulnerability is a set of cross-site scripting flaws that can be triggered via the COM_getCurrentURL function used in four layout template files (public_html/layout/default/header.thtml, layout/bento/header.thtml, layout/fotos/header.thtml, ...

6.1CVSS6AI score0.01307EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2017/04/14 6:59 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.0168EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2017/04/14 6:0 p.m.39 views

CVE-2016-4875

CVE-2016-4875 describes cross-site scripting (CWE-79) vulnerabilities in Geeklog IVYWE edition plugins: Assist (before 1.1.2.test20160906), dataBox (before 0.0.0.20160906), and userBox (before 0.0.0.20160906). The root cause is untrusted input that can be injected into administrator-facing contex...

6.1CVSS6AI score0.0168EPSS
Exploits0References5Affected Software3
Cvelist
Cvelist
added 2017/04/14 6:0 p.m.18 views

CVE-2016-4875

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.0168EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/23 5:15 a.m.3 views

Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Overview Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...

6.1CVSS6AI score0.0168EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/09/23 12:0 a.m.33 views

JVN#46087986: Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting

Geeklog is an open source content management system CMS. The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the web browser of a user who is logged on as an administrator. Solution...

6.1CVSS6.1AI score0.0168EPSS
Exploits0
CNVD
CNVD
added 2016/08/21 12:0 a.m.6 views

Multiple Cross-Site Scripting Vulnerabilities in Geeklog IVYWE

geeklog is an open source content management system CMS. Multiple cross-site scripting vulnerabilities exist in Geeklog IVYWE. Because the program fails to properly perform user-supplied input, an attacker could exploit the vulnerabilities to execute arbitrary script code in a trusted user's...

6.1CVSS6.9AI score0.01307EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/19 5:13 a.m.6 views

Geeklog IVYWE edition contains a cross-site scripting vulnerability

Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6AI score0.01307EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/08/19 12:0 a.m.28 views

JVN#09836883: Geeklog IVYWE edition contains a cross-site scripting vulnerability

Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the appropriate patch according to the information provided by...

6.1CVSS6AI score0.01307EPSS
Exploits0
exploitpack
exploitpack
added 2016/02/19 12:0 a.m.44 views

Geeklog 1.4.0 - Multiple Vulnerabilities

Geeklog 1.4.0 - Multiple Vulnerabilities Geeklog Multiple Vulnerabilities Vendor: Geeklog Product: Geeklog Version: = 1.4.0 Website: http://www.geeklog.net/ BID: 16755 CVE: CVE-2006-0823 OSVDB: 23348 23349 SECUNIA: 18920 PACKETSTORM: 44070 Description: Geeklog is one of the most popular content...

7.5CVSS0.5AI score0.0167EPSS
Exploits2
Exploit DB
Exploit DB
added 2016/02/19 12:0 a.m.46 views

Geeklog < 1.4.0 - Multiple Vulnerabilities

Geeklog Multiple Vulnerabilities Vendor: Geeklog Product: Geeklog Version: = 1.4.0 Website: http://www.geeklog.net/ BID: 16755 CVE: CVE-2006-0823 OSVDB: 23348 23349 SECUNIA: 18920 PACKETSTORM: 44070 Description: Geeklog is one of the most popular content management systems available today. Geeklo...

7.5CVSS6.6AI score0.0167EPSS
Exploits2
0day.today
0day.today
added 2015/12/10 12:0 a.m.27 views

Geeklog 2.1.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Geeklog 2.1.0 - Command Injection, XSS, Command Injection Vulnerabilities Overview The admin area of Geeklog suffers from two vulnerabilities that can lead to code execution: OS Command Injection and Upload of Files with Dangerous Type. The...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/12/09 12:0 a.m.33 views

Geeklog 2.1.0 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor:...

Exploits0
Packet Storm
Packet Storm
added 2015/12/09 12:0 a.m.27 views

Geeklog 2.1.0 Command Injection

!/usr/local/bin/python Exploit for geeklog-2.1.0 OS Command Injection vulnerability An admin account is required to use this exploit Curesec GmbH import sys import re import argparse import requests requires requests lib parser = argparse.ArgumentParser parser.addargument"url", help="base url to...

Exploits0
Packet Storm
Packet Storm
added 2015/12/09 12:0 a.m.34 views

Geeklog 2.1.0 Command Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Geeklog <= 1.5.2 - savepreferences()/*blocks[] SQL Injection Exploit

No description provided by source. ?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php nea...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

GeekLog <= 1.5.0 - Remote Arbitrary File Upload Exploit

No description provided by source. !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; print INTRO; +++++++++++++++++++++++++++++++++++++++++++++++++++++ + GeekLog = 1.5.0 Remote Arbitrary File Upload + + + + Discovered && Coded By: t0pP8uZz + + + + 0day?!?Most...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)

No description provided by source. !/usr/bin/perl -w use IO::Socket; print \r\n; print | Geeklog 1. remote commands execution |\r\n; print | By rgod rgodATautisticiDOTorg |\r\n; print | site: http://retrogod.altervista.org |\r\n; print | |\r\n; print \r\n; print | - this works against...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Geeklog 1.3.5 - Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.68 views

GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities

No description provided by source. --------------------------------------------------------------------------- GeekLog = 1.4.0 CONFpath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Google d0rk: powered by geeklog Discovered By...

7.1AI score
Exploits0
Rows per page
Query Builder