3 matches found
CVE-2006-1041
CVE-2006-1041 affects Gregarius 0.5.2 with multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via the following parameters: (1) rss_query in search.php and (2) tag in tags.php. The reports indicate XSS could enable executi...
CVE-2008-3374
CVE-2008-3374 afects Gregarius up to version 0.5.4: an SQL injection in ajax.php via the rsargs array in the __exp__getFeedContent action. This allows an unauthenticated, remote attacker to manipulate database queries in the application and potentially disclose data. The vulnerability is triggere...
CVE-2006-1042
CVE-2006-1042 affects Gregarius 0.5.2. The vulnerability is a SQL injection in the web UI, exploitable via the 1) folder parameter to feed.php or 2) rss_query parameter to search.php, enabling remote attackers to execute arbitrary SQL commands. The provided sources describe multiple SQL injection...