Dayfox Blog Security Vulnerabilities and Issues — Dayfox Blog CVE List

Lucene search

Dayfox DesignsDayfox Blog

5 matches found

CVE•added 2007/03/20 8:19 p.m.•61 views

CVE-2007-1525

Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.

6.8CVSS7.7AI score0.03738EPSS

CVE•added 2008/08/10 8:41 p.m.•58 views

CVE-2008-3564

Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a...

7.5CVSS7.3AI score0.00839EPSS

CVE•added 2007/01/09 6:28 p.m.•42 views

CVE-2007-0150

Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.

7.5CVSS7.7AI score0.0111EPSS

CVE•added 2006/10/10 4:6 a.m.•34 views

CVE-2006-5183

Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit.

7.5CVSS8AI score0.0069EPSS

CVE•added 2006/05/22 10:2 p.m.•29 views

CVE-2006-2522

Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.

7.5CVSS7AI score0.01666EPSS