608 matches found
Serendipity cross-site scripting vulnerability (CNVD-2016-00303)
Serendipity is a PHP-based blogging system. The Serendipity serendipityadmin.php script fails to adequately filter the 'serendipityentryid' parameter in the 'edit' admin operation. This allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to...
GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)
GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...
Design/Logic Flaw
SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the ro...
CVE-2007-4861
SAXON 5.4 is affected by multiple path disclosure flaws when display_errors is enabled. Exploitation vectors include direct requests to news.php, improper handling of newsid in admin/edit-item.php, and other scripts under admin/, rss/, and the installation root, which reveal server paths in error...
Authentication flaw
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps...
CVE-2007-4637
CVE-2007-4637 affects xGB.php in xGB 2.0, where an admin edit action does not require authentication. This allows remote attackers to perform unspecified changes via an unknown series of steps. The NVD entry lists a MEDIUM base score (6.4) with network attack vector, low complexity, and no user i...
SimpleBlog <= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability
No description provided by source. Title: simpleblog = v 2.3 /admin/edit.asp Remote SQL Injection Vulnerability. Author: bolivar. Dork: "SimpleBlog 2.3 by 8pixel.net" ...