Lucene search
+L

7 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

sBlog 0.7.2 search.php keyword Variable POST Method XSS

No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2006/05/05 12:0 a.m.16 views

sBlog.txt

Product : sBlog 0.7.2 Vulnerability :sBlog SQL Injection and Path Disclosure Vulnerability Date of Disclosure : 02/05/06 Bugtraq ID : 17782 Summary: Software: sBlog 0.7.2 Site: http://servous.se/ Description: sBlog is a simple and new PHP Blog. Issue: Conducting a security benchmark on this open...

7.4AI score
Exploits0
Prion
Prion
added 2006/05/04 12:38 p.m.18 views

Sql injection

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135...

10CVSS8.6AI score0.02395EPSS
Exploits2References7Affected Software1
NVD
NVD
added 2006/05/04 12:38 p.m.16 views

CVE-2006-2189

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135...

10CVSS8.1AI score0.02395EPSS
Exploits1References7
CVE
CVE
added 2006/05/04 10:0 a.m.49 views

CVE-2006-2189

The CVE-2006-2189 issue affects sBlog 0.7.2, where search.php’s keyword parameter is not properly sanitized, allowing remote attackers to inject and execute arbitrary SQL commands. The vulnerability can also enable path disclosure as noted, indicating potential broader disclosure implications. Th...

10CVSS8.1AI score0.02395EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2006/03/10 2:0 a.m.41 views

CVE-2006-1135

CVE-2006-1135 documents multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2. The affected component is the web application’s search functionality (search.php) and comments submission handling (comments_do.php). The root cause is insufficient input sanitization, allowing an attacker...

4.3CVSS5.7AI score0.01981EPSS
Exploits1References7Affected Software1
Packet Storm
Packet Storm
added 2006/03/09 12:0 a.m.28 views

sBlog_0.72_xss.txt

sBlog 0.7.2 == Multiple Cross-Site Scripting Vulnerability =================================== Information of Software: Software: sBlog 0.7.2 Site: http://servous.se/ Description: sBlog is a simple and new PHP Blog. Is very very simple and it's use by newbie of PHP...

7.4AI score
Exploits0
Rows per page
Query Builder