Lucene search
K

73 matches found

0day.today
0day.today
added 2008/06/10 12:0 a.m.21 views

DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================= DCFM Blog 0.9.4 comments Remote SQL Injection Vulnerability ============================================================= Title =======:: DCFM Blog 0.9.4 comments Remote SQL...

7.1AI score
Exploits0
NVD
NVD
added 2007/06/12 11:30 p.m.13 views

CVE-2007-3198

Cross-site scripting XSS vulnerability in comments.php in Maran PHP Blog Maran Blog, possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter...

4.3CVSS5.9AI score0.02487EPSS
Exploits1References10
Cvelist
Cvelist
added 2007/06/12 11:0 p.m.22 views

CVE-2007-3198

Cross-site scripting XSS vulnerability in comments.php in Maran PHP Blog Maran Blog, possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter...

5.9AI score0.02487EPSS
Exploits1References10
Prion
Prion
added 2007/02/09 1:28 a.m.13 views

Sql injection

SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter...

7.5CVSS8AI score0.01194EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2007/01/13 2:28 a.m.19 views

CVE-2007-0231

Cross-site scripting XSS vulnerability in Movable Type MT 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...

6.8CVSS5.5AI score0.01182EPSS
Exploits0References5
Prion
Prion
added 2007/01/13 2:28 a.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Movable Type MT 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...

6.8CVSS5.9AI score0.01182EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2007/01/13 2:0 a.m.51 views

CVE-2007-0231

CVE-2007-0231 describes a cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33 where, if nofollow is disabled and unmoderated comments are enabled, a remote attacker can inject arbitrary web script or HTML via the Comments field. The vulnerability concerns Movable Type 3.33 and is t...

6.8CVSS5.6AI score0.01182EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2006/11/16 12:0 a.m.34 views

Blogme v3 [admin login bypass & xss (post)]

vendor site:http://www.drumster.net/ product:Blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerables fields: - Name - URL - Comments laurent gaffie & benjamin mosse http://s-a-p.ca/ contact:...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2006/11/14 12:0 a.m.14 views

blogme 3.0 - Cross-Site Scripting Authentication Bypass

blogme 3.0 - Cross-Site Scripting Authentication Bypass blogme v3 admin login bypass & xss post vendor site:http://www.drumster.net/ product:blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerabl...

0.7AI score
Exploits0
Cvelist
Cvelist
added 2006/08/31 10:0 p.m.24 views

CVE-2006-4497

SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4AI score0.0108EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/08/22 5:0 p.m.17 views

CVE-2006-4284

SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4AI score0.01825EPSS
Exploits1References8
securityvulns
securityvulns
added 2004/04/15 12:0 a.m.22 views

[Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection

Products: Postnuke v 0.726 http://www.postnuke.com Date: 15 April 2004 Author: pokleyzz pokleyzzatscan-associates.net Contributors:skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Postnuke v 0.726 and below SQL injection...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2001/04/09 12:0 a.m.9 views

Netscape Navigator 4.0.8 - about: Domain Information Disclosure

Netscape Navigator 4.0.8 - about: Domain Information Disclosure source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment...

7.2AI score
Exploits0
Rows per page
Query Builder