CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Multiple cross-site scripting XSS vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

6.8CVSS5.8AI score0.00867EPSS

Exploits0References1

EUVD•added 2022/05/01 7:16 a.m.•1 views

EUVD-2006-4188

PHP remote file inclusion vulnerability in includes/session.php in Wheatblog wB 1.1 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wbclassdir parameter...

5.1CVSS7.5AI score0.16568EPSS

Exploits1References11

seebug.org•added 2014/07/01 12:0 a.m.•16 views

Wheatblog <= 1.1 (session.php) Remote File Include Vulnerability

No description provided by source. Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll ?php includeonce$wbclassdir/classDatabase.php; function StartSession global $sessiondir; if $sessiondir != '' sessionsavepath$sessiondir; if !...

7.1AI score

Exploits0

securityvulns•added 2007/11/22 12:0 a.m.•58 views

Wheatblog (wB) Remote File inclusion ..

Hello,, Wheatblog wB Remote File inclusion .. tested on 1.1 and older versions are injected Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Remote File Inclusion file : includes/sessions.php line 2 : code:-...

1AI score

Exploits0

Prion•added 2007/07/04 4:30 p.m.•6 views

Sql injection

SQL injection vulnerability in admin/login.php in Wheatblog wB 1.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter...

6.8CVSS9.1AI score0.00907EPSS

Exploits0References7Affected Software1

NVD•added 2007/07/04 4:30 p.m.•9 views

CVE-2007-3557

SQL injection vulnerability in admin/login.php in Wheatblog wB 1.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter...

6.8CVSS8.3AI score0.00907EPSS

Exploits0References7

Cvelist•added 2007/07/04 4:0 p.m.•15 views

CVE-2007-3557

SQL injection vulnerability in admin/login.php in Wheatblog wB 1.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter...

8.3AI score0.00907EPSS

Exploits0References7

CVE•added 2007/07/04 4:0 p.m.•42 views

CVE-2007-3557

The CVE-2007-3557 issue affects Wheatblog (wB) version 1.1, specifically the admin/login.php script. When magic_quotes_gpc is disabled, the login parameter is vulnerable to SQL injection, enabling remote attackers to execute arbitrary SQL commands. This is documented across multiple sources (NVD,...

6.8CVSS8.4AI score0.00907EPSS

Exploits0References7Affected Software1

NVD•added 2007/02/12 7:28 p.m.•7 views

CVE-2006-7002

Cross-site scripting XSS vulnerability in addcomment.php in Wheatblog wB 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may...

4.3CVSS5.4AI score0.00351EPSS

Exploits1References2

Cvelist•added 2007/02/12 7:0 p.m.•13 views

CVE-2006-7002

5.4AI score0.00351EPSS

Exploits1References2

CVE•added 2007/02/12 7:0 p.m.•45 views

CVE-2006-7002

The CVE-2006-7002 entry describes a Cross-site scripting (XSS) vulnerability in Wheatblog (wB) 1.1, exploitable through the Email field in add_comment.php. The issue is tied to Wheatblog 1.1 and is explicitly documented as an XSS that allows injection of arbitrary script/HTML via that input. Conn...

4.3CVSS5.5AI score0.00351EPSS

Exploits1References2Affected Software1

seebug.org•added 2006/12/10 12:0 a.m.•9 views

Wheatblog Session.PHP远程文件包含漏洞

Wheatblog是一款基于PHP的网络日记程序。 Wheatblog不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。问题是'session.php'脚本对用户提交的'webclassdir'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Wheatblog Wheatblog 1.1 Wheatblog Wheatblog 1.0 http://wheatblog.sourceforge.net/...

7.1AI score

Exploits0

seebug.org•added 2006/12/06 12:0 a.m.•16 views

Wheatblog <= 1.1 (session.php) Remote File Include Vulnerability

No description provided by source. Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll ?php includeonce"$wbclassdir/classDatabase.php"; function StartSession global $sessiondir; if $sessiondir != '' sessionsavepath$sessiondir; if ...

7.1AI score

Exploits0

NVD•added 2006/11/15 3:7 p.m.•10 views

CVE-2006-5922

index.php in Wheatblog wB allows remote attackers to obtain sensitive information via certain values of the postPtr and next parameters, which reveals the path in an error message...

5CVSS6.2AI score0.0076EPSS

Exploits0References3

NVD•added 2006/11/15 3:7 p.m.•7 views

CVE-2006-5921

Multiple cross-site scripting XSS vulnerabilities in addcomment.php in Wheatblog wB allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 WWW, and 3 Comment fields. NOTE: this issue may overlap CVE-2006-5195...

5.8CVSS5.6AI score0.00427EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by