18 matches found
EUVD-2011-5059
Malware in sbrugna...
EUVD-2005-4021
Malware in sbrugna...
EUVD-2013-1506
Malware in sbrugna...
EUVD-2002-1896
Malware in sbrugna...
EUVD-2023-41661
Malicious code in bioql PyPI...
CVE-2002-1917
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header...
CVE-2005-4725
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID...
Geeklog 2.1.0b1 Database Disclosure
Title : Geeklog v2.1.0b1 database disclosure Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
CVE-2023-37787
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php...
geeklog 2.1.0b1 Local File Include Vulnerability
Exploit for php platform in category web applications | exploit Debut Local File Include Vulnerability | Author Info Name : JIKO | Script Info Site : https://www.geeklog.net/ Download : https://www.geeklog.net/filemgmt/uploaddir/geeklog-2.1.0b1.tar.gz Name : geeklog-2.1.0b...
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/6601/info The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. This issue is due to insufficient sanitization of input submitted in URI...
Geeklog 1.3.7 - users.php?uid Cross-Site Scripting
Geeklog 1.3.7 - users.php?uid Cross-Site Scripting source: https://www.securityfocus.com/bid/6602/info Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker...
Geeklog 1.3.7 - 'users.php?uid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6602/info Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting...
Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting
Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting source: https://www.securityfocus.com/bid/5270/info A cross site scripting vulnerability has been reported for Geeklog. Reportedly, Geeklog does not properly sanitize user supplied input before being included when posting comments or writing...
Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might b...
CVE-2002-0096
The installation of Geeklog 1.3 creates an extra groupassignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended...
CVE-2002-0097
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account...
Cookie modification allows unauthenticated user login in Geeklog 1.3
A major security vulnerability exists in Geeklog 1.3, released on December 30th, 2001. When permanent cookies are enabled, as they are in a stock install, Geeklog stores a user's UID in a cookie upon successful login. This cookie is subsequently used during future visits to the site to...