19 matches found
EUVD-2006-0352
Malware in sbrugna...
EUVD-2005-4053
Malware in sbrugna...
EUVD-2006-0353
Malware in sbrugna...
SaralBlog 1.0 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16306/info saralblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
SaralBlog-sql.txt
New eVuln Advisory: SaralBlog XSS & Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/40/summary/bt/ --------------------Summary---------------- Software: SaralBlog Software's Web Site: http://www.saralblog.org/ Versions: 1.0 Critical Level: Moderate Type: Multiple Vulnerabilities...
[eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities
New eVuln Advisory: SaralBlog XSS & Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/40/summary/bt/ --------------------Summary---------------- Software: SaralBlog Software's Web Site: http://www.saralblog.org/ Versions: 1.0 Critical Level: Moderate Type: Multiple Vulnerabilities...
CVE-2006-0346
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php...
Sql injection
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058...
CVE-2006-0345
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058...
CVE-2006-0345
The CVE-2006-0345 entry describes multiple SQL injection vulnerabilities in SaralBlog 1.0. The issues allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. The reference also notes that the id/viewprofile.php issue is covered by CVE-2005-4058. The connec...
CVE-2006-0345
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058...
CVE-2006-0346
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php...
CVE-2006-0346
CVE-2006-0346 is an XSS vulnerability in SaralBlog 1.0. The issue arises when an attacker-supplied value is not properly handled in the website field of a new comment to view.php, due to insufficient sanitization in functions.php. The NVD entry lists a base score of 4.3 (Medium) with low confiden...
SaralBlog 1.0 - Multiple Input Validation Vulnerabilities
SaralBlog 1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/16306/info saralblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of...
CVE-2005-4058
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php...
CVE-2005-4058
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php...
CVE-2005-4058
CVE-2005-4058: A SQL injection vulnerability exists in SaralBlog 1.x and earlier that allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. The CVE entry notes a base score of 7.5 (HIGH) with network attack vector, low complexity, and no authenticatio...
saralblog v1 SQL inj. vuln.
saralblog v1 SQL inj. vuln. Vuln. discovered by: r0t Date: 6 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/saralblog-v1-sql-inj-vuln.html vendor: http://www.saralblog.org/ affected version: v.1 and prior Product Description: saralblog is a very simple to use blog, which has some ve...