CVE-2013-7243

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 post-menu field to edit.php or 2 Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...

CVE-2012-6621

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Email Address or 2 Custom Permalink Structure fields in admin/settings.php; 3 path parameter to admin/upload.php; 4 err paramet...

GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting

Author Information Author : Ahmed Elhady Mohamed Website : http://1nfosec4all.blogspot.com/ twitter : @kingasmk facebook :https://www.facebook.com/groups/ITsec4all/ Software Information Affected Software : GetSimple CMS 3.2.3, 3.1.2 Software website : http://get-simple.info/ CVE Reference :...

BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability

BP Blog 6.0 id Remote Blind SQL Injection Vulnerability JosS, Jose Luis Gуngora Fernбndez Spanish Hackers Team www.spanish-hackers.com + Info: Software: bp blog HomePage: http://blog.betaparticle.com/ Exploit: Blind SQL Injection High Vuln file: templatepermalink.asp Vuln file2:...

Directory traversal

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the permalink parameter in core.php, accessed through index.php; and 2 the thispost parameter in comments.php...

CVE-2008-0559

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the permalink parameter in core.php, accessed through index.php; and 2 the thispost parameter in comments.php...

CVE-2008-0559

CVE-2008-0559 affects Nilson’s Blogger 0.11. The vulnerability is a directory-traversal flaw that allows remote attackers to include and execute arbitrary local files via a .. in two parameters: (1) permalink in core.php (through index.php) and (2) thispost in comments.php. Root cause is improper...

CVE-2008-0559

Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the permalink parameter in core.php, accessed through index.php; and 2 the thispost parameter in comments.php...

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...