Geeklog@1.3.11 Security Vulnerabilities and Issues — Geeklog@1.3.11 CVE List

Lucene search

GeeklogGeeklog1.3.11

12 matches found

CVE•added 2006/05/31 10:6 a.m.•73 views

CVE-2006-2700

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.

5.1CVSS8.6AI score0.01037EPSS

CVE•added 2006/02/21 11:2 p.m.•45 views

CVE-2006-0823

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.

7.5CVSS8AI score0.01258EPSS

CVE•added 2005/12/05 11:3 a.m.•39 views

CVE-2005-4026

search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.

5CVSS6.6AI score0.00375EPSS

CVE•added 2006/05/31 10:6 a.m.•38 views

CVE-2006-2699

Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.

6.8CVSS5.8AI score0.01395EPSS

CVE•added 2006/05/31 10:6 a.m.•37 views

CVE-2006-2701

SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.

7.5CVSS8.3AI score0.00603EPSS

CVE•added 2006/05/31 10:6 a.m.•36 views

CVE-2006-2698

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

7.8CVSS6.7AI score0.01066EPSS

CVE•added 2012/09/09 9:55 p.m.•35 views

CVE-2011-5159

Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942.

4.3CVSS5.8AI score0.00837EPSS

CVE•added 2006/07/21 2:3 p.m.•34 views

CVE-2006-3756

Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).

4.3CVSS5.6AI score0.00639EPSS

CVE•added 2012/09/09 9:55 p.m.•32 views

CVE-2011-4942

Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a C...

4.3CVSS5.9AI score0.00837EPSS

CVE•added 2006/02/20 8:0 p.m.•31 views

CVE-2005-4725

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.

7.5CVSS7.3AI score0.00311EPSS

CVE•added 2006/02/21 11:2 p.m.•31 views

CVE-2006-0824

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for co...

7.5CVSS7.9AI score0.03286EPSS

CVE•added 2006/03/07 11:2 p.m.•30 views

CVE-2006-1069

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors.

10CVSS7AI score0.00381EPSS