Lucene search
K

75 matches found

Prion
Prion
added 2021/09/20 10:15 a.m.12 views

Sql injection

The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so ...

6.5CVSS8.9AI score0.04561EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/08/09 10:4 a.m.22 views

CVE-2021-24509 Page View Counts < 2.4.9 - Contributor+ Stored XSS

The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the...

5.4AI score0.00624EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/08/09 12:0 a.m.5 views

WordPress 跨站脚本漏洞

WordPress is the WordPress Wordpress Foundation's set of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in the Page View Count plugin for WordPress prior to 2.4.9, which fails to escape the postid parameter of the pvcstats shortcode, allowing user...

5.4CVSS5.2AI score0.00624EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/07/12 12:0 a.m.18 views

Page View Counts < 2.4.9 - Contributor+ Stored XSS

The plugin does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege user...

3.5CVSS2.3AI score0.00624EPSS
Exploits2Affected Software1
Packet Storm
Packet Storm
added 2021/06/28 12:0 a.m.605 views

WordPress wpDiscuz 7.0.4 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthenticated File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress...

7.5CVSS0.94535EPSS
Exploits19
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit

No description provided by source. !-- Particle Blogger All Version Post.PHP PostID Remote SQL Injection Exploit Type : SQL Injection Release Date : 2007-03-16 Product / Vendor : Particle Soft http://blogger.particlesoft.net/ Bug : http://localhost/script/post.php?postid=-SQL Inj- Particle Blogge...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

BBlog 0.7.4 PostID Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13398/info bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit

No description provided by source. html head titleXOOPS Module PopnupBlog = 2.52 postid BLIND SQL Injection Exploit/title script type=text/javascript //'=============================================================================================== //'Script Name: XOOPS Module PopnupBlog = 2.52...

7.1AI score
Exploits0
NVD
NVD
added 2012/11/19 12:10 p.m.20 views

CVE-2012-5919

Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...

4.3CVSS5.8AI score0.01822EPSS
Exploits1References6
Prion
Prion
added 2012/11/19 12:10 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...

4.3CVSS6.1AI score0.01822EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2012/11/17 9:55 p.m.13 views

Sql injection

SQL injection vulnerability in havapost.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter...

7.5CVSS9AI score0.01119EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2011/10/07 10:55 a.m.18 views

CVE-2010-4876

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

7.5CVSS8.4AI score0.00929EPSS
Exploits1References2
Prion
Prion
added 2011/10/07 10:55 a.m.13 views

Sql injection

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

7.5CVSS9.1AI score0.00929EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2011/10/07 10:0 a.m.20 views

CVE-2010-4876

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

8.4AI score0.00929EPSS
Exploits1References2
NVD
NVD
added 2009/10/08 5:30 p.m.11 views

CVE-2009-3594

Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

4.3CVSS5.7AI score0.01033EPSS
Exploits0References4
Prion
Prion
added 2009/10/08 5:30 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

4.3CVSS6.1AI score0.01033EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2009/10/08 5:0 p.m.20 views

CVE-2009-3594

Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

5.7AI score0.01033EPSS
Exploits0References4
NVD
NVD
added 2008/11/13 2:30 a.m.14 views

CVE-2008-5051

SQL injection vulnerability in the JooBlog comjb2 component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php...

7.5CVSS8.4AI score0.01014EPSS
Exploits1References5
exploitpack
exploitpack
added 2008/11/10 12:0 a.m.24 views

Joomla! Component JooBlog 0.1.1 - PostID SQL Injection

Joomla! Component JooBlog 0.1.1 - PostID SQL Injection Joomla Component comjb2PostID SQL-injetion Vulnerability Author : boom3rang Kosova Hackers Group www.khg-crew.ws Greetz : H!tm@N, KHG, chs, redc00de, LiTTle-Hack3r, L1RIDON1. ! ModuleName: comjb2 ! ScriptName: Joomla ! GoogleDork:...

0.3AI score
Exploits0
0day.today
0day.today
added 2008/11/10 12:0 a.m.20 views

Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================================== Joomla Component JooBlog 0.1.1 PostID SQL Injection Vulnerability =================================================================== Joomla Component comjb2PostID...

7.1AI score
Exploits0
Rows per page
Query Builder