CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to 1 edCss.inc.php, 2 foot.inc.php, 3 getcsscolors.inc.php, 4 head.inc.php, 5 headstuff.inc.php, 6 loglist.inc.php, and 7 pphloggersend.inc.php in include/, which reveals the installation path in an...

5CVSS6.1AI score0.0025EPSS

Exploits0References2

Prion•added 2009/12/10 1:30 a.m.•12 views

Information disclosure

5CVSS6.7AI score0.0025EPSS

Exploits0References2Affected Software1

NVD•added 2009/12/10 1:30 a.m.•10 views

CVE-2009-4253

Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...

4.3CVSS5.7AI score0.00959EPSS

Exploits1References4

Prion•added 2009/12/10 1:30 a.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...

4.3CVSS6.1AI score0.00959EPSS

Exploits1References4Affected Software1

CVE•added 2009/12/10 1:0 a.m.•44 views

CVE-2009-4254

PowerPhlogger 2.2.5 is affected by an information disclosure vulnerability where remote attackers can obtain sensitive data via direct requests to files in the include/ directory (edCss.inc.php, foot.inc.php, get_csscolors.inc.php, head.inc.php, head_stuff.inc.php, loglist.inc.php, pphlogger_send...

5CVSS6.1AI score0.0025EPSS

Exploits0References2Affected Software1

CVE•added 2009/12/10 1:0 a.m.•40 views

CVE-2009-4253

Power Phlogger vulnerability CVE-2009-4253: Cross-site scripting in dspStats.php (PowerPhlogger 2.2.5) allows remote attackers to inject arbitrary web script or HTML via the edit parameter. Root cause: failure to properly sanitize user-supplied input. The issue is documented across multiple feeds...

4.3CVSS5.7AI score0.00959EPSS

Exploits1References4Affected Software1

Cvelist•added 2009/12/10 1:0 a.m.•16 views

CVE-2009-4253

Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...

5.7AI score0.00959EPSS

Exploits1References4

Cvelist•added 2009/12/10 1:0 a.m.•19 views

CVE-2009-4254

6.1AI score0.0025EPSS

Exploits0References2

OpenVAS•added 2009/12/01 12:0 a.m.•12 views

PowerPhlogger Detection

This host is running PowerPhlogger, a complete counter hosting tool. It lets you offer counter service to others from your site. OpenVAS Vulnerability Test $Id: PowerPhloggerdetect.nasl 5739 2017-03-27 14:48:05Z cfi $ PowerPhlogger Detection Authors: Michael Meyer Copyright: Copyright c 2009...

7.2AI score

Exploits0References1

OpenVAS•added 2009/12/01 12:0 a.m.•11 views

PowerPhlogger Detection

This host is running PowerPhlogger, a complete counter hosting tool. It lets you offer counter service to others from your site. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.2AI score

Exploits0References1

Prion•added 2008/06/06 6:32 p.m.•13 views

Sql injection

SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the cssstr parameter in an edit action...

6.5CVSS8.6AI score0.0046EPSS

Exploits0References4Affected Software1

Cvelist•added 2008/06/06 6:0 p.m.•14 views

CVE-2008-2562

SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the cssstr parameter in an edit action...

7.9AI score0.0046EPSS

Exploits0References4

CVE•added 2008/06/06 6:0 p.m.•46 views

CVE-2008-2562

PowerPhlogger 2.2.5 and earlier is affected by an SQL injection in edCss.php, exploitable via the css_str parameter in an edit action. The flaw allows remote authenticated users to execute arbitrary SQL commands. Affected component: edCss.php (PowerPhlogger). Root cause: improper handling of inpu...

6.5CVSS8AI score0.0046EPSS

Exploits0References4Affected Software1

Cvelist•added 2005/06/28 4:0 a.m.•13 views

CVE-2002-1885

PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger PPhlogger 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the relpath parameter...

7.7AI score0.01937EPSS

Exploits1References3

CVE•added 2005/06/28 4:0 a.m.•36 views

CVE-2002-1885

CVE-2002-1885 affects PowerPhlogger (PPhlogger) 2.0.9–2.2.2, where a PHP remote file inclusion via the rel_path parameter allows an attacker to execute arbitrary PHP code. Root cause is an RFI vulnerability in showhits.php3. The entry notes a high impact with potential partial confidentiality/int...

7.5CVSS8AI score0.01937EPSS

Exploits1References3Affected Software1

NVD•added 2002/12/31 5:0 a.m.•7 views

CVE-2002-1885

PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger PPhlogger 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the relpath parameter...

7.5CVSS7.7AI score0.01937EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by