64 matches found
Page View Counts < 2.4.9 - Contributor+ Stored XSS
The plugin does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege user...
BBlog 0.7.4 PostID Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13398/info bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...
CVE-2012-5919
Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...
Sql injection
SQL injection vulnerability in havapost.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter...
CVE-2010-4876
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
Sql injection
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
CVE-2010-4876
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...
CVE-2009-3594
Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
CVE-2009-3594
Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
CVE-2008-5051
SQL injection vulnerability in the JooBlog comjb2 component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in sendemail.php in AN Guestbook ANG 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
CVE-2008-2414
Cross-site scripting XSS vulnerability in sendemail.php in AN Guestbook ANG 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
Sql injection
SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter...
CVE-2008-1699
SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter...
CVE-2007-1979
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the getblogidfrompostid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and...
Sql injection
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter...
Sql injection
SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter...
CVE-2006-1639
SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter...