Lucene search
K

676 matches found

Cvelist
Cvelist
added 2006/01/21 12:0 a.m.16 views

CVE-2006-0333

Cross-site scripting XSS vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the 1 month or 2 year parameter to index.php...

5.6AI score0.01167EPSS
Exploits0References3
CVE
CVE
added 2006/01/21 12:0 a.m.44 views

CVE-2006-0333

CVE-2006-0333: An XSS vulnerability in ar-blog 5.2 affects index.php, exploitable via the month or year parameters. Related entry CVE-2006-2809 expands the risk to additional parameters (count, next, Year_the_news, mo); note that the month/year vectors are already covered by CVE-2006-0333. No exp...

4.3CVSS5.6AI score0.01167EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2006/01/20 12:0 a.m.26 views

-2- [XSS] in ar-blog v 5.2

Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=XSS&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=XSS&all=9 Example : 1-...

0.3AI score
Exploits0
NVD
NVD
added 2005/11/04 12:2 a.m.14 views

CVE-2005-3495

Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies...

7.5CVSS7AI score0.01635EPSS
Exploits0References4
NVD
NVD
added 2005/11/04 12:2 a.m.17 views

CVE-2005-3494

Cross-site scripting XSS vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...

4.3CVSS5.7AI score0.01255EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/11/04 12:0 a.m.17 views

CVE-2005-3494

Cross-site scripting XSS vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment...

5.7AI score0.01255EPSS
Exploits1References4
CVE
CVE
added 2005/11/04 12:0 a.m.41 views

CVE-2005-3495

CVE-2005-3495 affects Ar-blog (versions 5.2 and earlier). The vulnerability allows remote attackers to bypass authentication by manipulating cookies, indicating a flaw in how session/authentication state is enforced. The available documents confirm the vulnerability pattern (cookie-based auth byp...

7.5CVSS7.4AI score0.01635EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/11/04 12:0 a.m.42 views

CVE-2005-3494

CVE-2005-3494 describes a cross-site scripting (XSS) flaw in Ar-blog versions 5.2 and earlier. The vulnerability allows a remote attacker to inject arbitrary web script or HTML through a blog comment, potentially compromising user sessions or displaying malicious content. The connected documents ...

4.3CVSS5.9AI score0.01255EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2005/11/04 12:0 a.m.18 views

CVE-2005-3495

Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies...

7AI score0.01635EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/10/26 12:0 a.m.27 views

[SA17307] ar-blog Script Insertion and Authentication Bypass Vulnerabilities

TITLE: ar-blog Script Insertion and Authentication Bypass Vulnerabilities SECUNIA ADVISORY ID: SA17307 VERIFY ADVISORY: http://secunia.com/advisories/17307/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: ar-blog 5.x...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2005/10/25 12:0 a.m.29 views

[Full-disclosure] Fwd: Vulnerability in Ar-blog ver 5.2 and prior versions

---------- Forwarded message ---------- From: M.o.H.a.J.a.L.i [email protected] Date: Oct 25, 2005 12:52 AM Subject: Vulnerability in Ar-blog ver 5.2 and prior versions To: [email protected] Vulnerability in Ar-blog ver 5.2 and prior Software: Ar-blog Vulnerable versions: = 5.2 Type:...

7.2AI score
Exploits0
CVE
CVE
added 2005/05/10 4:0 a.m.47 views

CVE-2004-1791

CVE-2004-1791 concerns Edimax AR-6004 ADSL Routers where the web management interface uses a default administrator name and password that also appear as the default login text. Multiple connected sources corroborate that this enables remote access to the device (attack surface is network-enabled)...

7.5CVSS7.3AI score0.01708EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2005/05/10 4:0 a.m.39 views

CVE-2004-1790

This CVE affects Edimax AR-6004 ADSL Routers. The issue is a Cross-site scripting (XSS) vulnerability in the web management interface, allowing remote attackers to inject arbitrary web script or HTML through the URL. The provided documents do not specify affected firmware versions, exact vulnerab...

4.3CVSS6AI score0.01911EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.18 views

CVE-2004-1791

The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access...

6.9AI score0.01708EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.18 views

CVE-2004-1790

Cross-site scripting XSS vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL...

5.7AI score0.01911EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.11 views

CVE-2004-1790

Cross-site scripting XSS vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL...

4.3CVSS5.7AI score0.01911EPSS
Exploits1References6
Rows per page
Query Builder