CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2007/03/13 7:19 p.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to 1 scripts/addblogcomment.php and 2 detail.php...

4.3CVSS6.2AI score0.01498EPSS

Prion•added 2007/03/13 7:19 p.m.•18 views

Sql injection

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to a userdetail.php, id and 2 url parameter to b jump.php, and id variable to c detail.php...

7.5CVSS9.1AI score0.00994EPSS

NVD•added 2007/03/13 7:19 p.m.•21 views

CVE-2007-1434

7.5CVSS8.5AI score0.00994EPSS

NVD•added 2007/03/13 7:19 p.m.•20 views

CVE-2007-1432

Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in 1 the userpermissions parameter to addusers.php, and unspecified parameters to 2 addblog.php, 3 editblog.php, 4 editlinks.php, 5 editusers.php, and 6...

7.5CVSS7.1AI score0.02293EPSS

Exploits0References4

Prion•added 2007/03/13 7:19 p.m.•17 views

Code injection

7.5CVSS7.6AI score0.02293EPSS

Exploits0References4Affected Software1

NVD•added 2007/03/13 7:19 p.m.•14 views

CVE-2007-1433

4.3CVSS5.8AI score0.01498EPSS

CVE•added 2007/03/13 7:0 p.m.•45 views

CVE-2007-1432

The CVE-2007-1432 entry concerns Grayscale Blog 0.8.0 (and possibly earlier) where remote attackers can gain privileges by sending crafted requests with modified arguments to PHP scripts (add_users.php, addblog.php, editblog.php, editlinks.php, edit_users.php, add_links.php). The underlying issue...

7.5CVSS7.1AI score0.02293EPSS

Exploits0References4Affected Software1

Cvelist•added 2007/03/13 7:0 p.m.•28 views

CVE-2007-1433

5.8AI score0.01498EPSS

CVE•added 2007/03/13 7:0 p.m.•60 views

CVE-2007-1434

Grayscale Blog 0.8.0 (and possibly earlier) is affected by an SQL injection vulnerability. The vulnerable components are the PHP scripts userdetail.php (parameter id ), jump.php (parameter url ), and detail.php (parameter id ). Root cause: unsafely constructed SQL queries via these inputs, enabli...

7.5CVSS8.5AI score0.00994EPSS

Cvelist•added 2007/03/13 7:0 p.m.•22 views

CVE-2007-1432

7.1AI score0.02293EPSS

Exploits0References4

Cvelist•added 2007/03/13 7:0 p.m.•26 views

CVE-2007-1434

8.5AI score0.00994EPSS

CVE•added 2007/03/13 7:0 p.m.•57 views

CVE-2007-1433

CVE-2007-1433 is an XSS vulnerability affecting Grayscale Blog 0.8.0 (and possibly earlier). The issue arises in comment handling, allowing remote attackers to inject arbitrary web script or HTML via the comment fields in two pages: scripts/addblog_comment.php and detail.php. The NVD entry docume...

4.3CVSS5.8AI score0.01498EPSS

seebug.org•added 2007/03/10 12:0 a.m.•76 views

Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns

No description provided by source. Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 Date : 2007-02-24 Product : Grayscale Blog Version : 0.8.0 - Prior version maybe also be affected Vendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/...

7.1AI score

securityvulns•added 2007/03/10 12:0 a.m.•66 views

Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0

Exploit DB•added 2007/03/09 12:0 a.m.•63 views

Grayscale Blog 0.8.0 - Security Bypass / SQL Injection / Cross-Site Scripting

7.4AI score

0day.today•added 2007/03/09 12:0 a.m.•118 views

Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns

Exploit for unknown platform in category web applications ==================================================================== Grayscale Blog 0.8.0 Security Bypass/SQL/XSS Multiple Remote Vulns ==================================================================== Security Advisory - Multiple...

7.1AI score