Lucene search
K

220 matches found

Positive Technologies
Positive Technologies
added 2018/11/22 12:0 a.m.4 views

PT-2018-14968 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary PHP code by uploading an image with the image/jpeg content type to the "zb system/admin/index.php?act=UploadMng" API endpoint. This requires...

8.8CVSS9.1AI score0.02172EPSS
Exploits0References3
NVD
NVD
added 2018/10/30 6:29 a.m.12 views

CVE-2018-18842

CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

8.8CVSS9AI score0.00815EPSS
Exploits1References2
Prion
Prion
added 2018/10/30 6:29 a.m.13 views

Cross site request forgery (csrf)

CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

6.8CVSS9AI score0.00815EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/10/30 6:0 a.m.45 views

CVE-2018-18842

CVE-2018-18842 : Z-BlogPHP 1.5.2.1935 (Zero) is affected by a CSRF vulnerability in zb_users/plugin/AppCentre/theme.js.php. The flaw permits remote attackers to execute arbitrary PHP code on the affected system. The root cause is a CSRF in the theme.js.php file, enabling code execution when an at...

8.8CVSS8.9AI score0.00815EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/10/30 6:0 a.m.15 views

CVE-2018-18842

CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

9AI score0.00815EPSS
Exploits1References2
OSV
OSV
added 2018/10/16 7:29 a.m.3 views

CVE-2018-18381

Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...

5.4CVSS5.8AI score0.00546EPSS
Exploits1References1
NVD
NVD
added 2018/10/16 7:29 a.m.10 views

CVE-2018-18381

Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...

5.4CVSS5.3AI score0.00546EPSS
Exploits1References1
Prion
Prion
added 2018/10/16 7:29 a.m.11 views

Cross site scripting

Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...

3.5CVSS5.2AI score0.00546EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/16 7:0 a.m.17 views

CVE-2018-18381

Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...

5.3AI score0.00546EPSS
Exploits1References1
CVE
CVE
added 2018/10/16 7:0 a.m.49 views

CVE-2018-18381

Z-BlogPHP 1.5.2.1935 (Zero) is affected by a stored XSS in zb_system/function/c_system_admin.php, exploitable via the Content-Type header during image attachment uploads. Affected component is the server-side upload handling in zb_system/function/c_system_admin.php; the issue allows injection of ...

5.4CVSS5.2AI score0.00546EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/10/16 12:0 a.m.3 views

Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-21484)

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in the zbsystem/function/csystemadmin.php file in Z-BlogPHP version 1.5.2.1935 Zero. When uploading an image attachment, a remote attacker can exploit this...

5.4CVSS5.6AI score0.00546EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/18 12:0 a.m.3 views

Z-BlogPHP Security Bypass Vulnerability

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 2.0.0. An attacker can exploit the vulnerability to bypass access restrictions...

7.2CVSS6.9AI score0.0102EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/18 12:0 a.m.3 views

Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-09795)

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in Z-BlogPHP version 2.0.0. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the 'copyright notice' field...

4.8CVSS6.1AI score0.00891EPSS
Exploits1References1
Prion
Prion
added 2018/05/16 3:29 p.m.16 views

Design/Logic Flaw

DISPUTED An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid...

4CVSS7AI score0.0102EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/05/16 3:29 p.m.3 views

CVE-2018-11209

An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...

7.2CVSS5.8AI score0.0102EPSS
Exploits1References2
NVD
NVD
added 2018/05/16 3:29 p.m.19 views

CVE-2018-11209

An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...

7.2CVSS7AI score0.0102EPSS
Exploits1References2
OSV
OSV
added 2018/05/16 3:29 p.m.3 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

4.8CVSS5.7AI score0.00891EPSS
Exploits1References2
NVD
NVD
added 2018/05/16 3:29 p.m.19 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

4.8CVSS5AI score0.00891EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/05/16 3:0 p.m.21 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

5AI score0.00891EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2018/05/16 3:0 p.m.13 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

5.8AI score0.00891EPSS
Exploits1References2
Rows per page
Query Builder