Lucene search

K

Simplog Security Vulnerabilities

cve
cve

CVE-2006-1073

Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid...

6.8AI Score

0.047EPSS

2006-03-08 12:02 AM
23
cve
cve

CVE-2006-1072

Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog...

5.7AI Score

0.003EPSS

2006-03-08 12:02 AM
26
cve
cve

CVE-2009-4093

Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email...

5.9AI Score

0.002EPSS

2009-11-29 01:07 PM
23
cve
cve

CVE-2009-4092

Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change...

7.2AI Score

0.003EPSS

2009-11-29 01:07 PM
19
cve
cve

CVE-2009-4091

comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del...

6.8AI Score

0.004EPSS

2009-11-29 01:07 PM
21
cve
cve

CVE-2006-5398

SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid...

8.8AI Score

0.009EPSS

2006-10-18 11:07 PM
20
cve
cve

CVE-2006-4058

Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party...

5.9AI Score

0.027EPSS

2006-08-10 12:04 AM
19
cve
cve

CVE-2006-2028

Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory...

5.7AI Score

0.005EPSS

2006-04-26 12:06 AM
23
cve
cve

CVE-2006-2029

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c)...

8.5AI Score

0.009EPSS

2006-04-26 12:06 AM
24
cve
cve

CVE-2006-1778

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c)...

8.5AI Score

0.006EPSS

2006-04-13 10:02 AM
26
cve
cve

CVE-2006-1776

PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s...

7.6AI Score

0.046EPSS

2006-04-13 10:02 AM
25
cve
cve

CVE-2006-1777

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which....

7.3AI Score

0.017EPSS

2006-04-13 10:02 AM
29
cve
cve

CVE-2006-1779

Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag...

5.7AI Score

0.021EPSS

2006-04-13 10:02 AM
33
cve
cve

CVE-2005-3076

Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to...

8.5AI Score

0.012EPSS

2005-09-27 07:03 PM
18