116 matches found
CVE-2007-3888
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b)...
CVE-2007-3888
CVE-2007-3888 affects Insanely Simple Blog 0.5 and earlier, with multiple XSS vulnerabilities. The issue is exploitable via (1) the search action, potentially related to the term parameter to index.php, and (2) an anonymous blog entry, possibly involving posted_by, subject, and content parameters...
CVE-2007-3889
Affected: Insanely Simple Blog 0.5 and earlier. Vulnerability: multiple SQL injection weaknesses allowing remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. Root cause: improper input handling enabling injection. Imp...
CVE-2007-3889
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors...
isb05-sql.txt
Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...
Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Exploiting these issue...
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly...
CVE-2006-4592
The CVE-2006-4592 entry concerns the 8pixel.net Simple Blog 2.3 and earlier. The vulnerability is an incomplete blacklist allowing SQL injection via the id parameter in default.asp where ">" characters bypass protection. This enables remote attackers to perform SQL injection. References indic...
CVE-2006-4592
Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via "" characters in the id parameter, which are not filtered by the protection mechanism...
simpleBlogXSS.txt
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Risk: High - Note from the author Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts...
SQL injection
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts...
CVE-2006-0239
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts...
CVE-2006-0239
CVE-2006-0239 describes multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1. An attacker can inject arbitrary script/HTML via (1) a comment to comments.asp and (2) possibly other fields in unspecified scripts. The accessible impact is partial confidentiality and integrity (per ...
CVE-2006-0240
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts...
CVE-2006-0240
CVE-2006-0240 involves multiple SQL injection vulnerabilities in Simple Blog 2.1. The flaws allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly other parameters in unspecified scripts. The primary sources consistently descri...