3 matches found
CVE-2007-0798
CVE-2007-0798 affects Ublog Reload 1.0.5. The issue comprises multiple cross-site scripting (XSS) vulnerabilities allowing an attacker to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp (remote, unauthenticated) and (2–4) badword.asp, polls.asp, and users.asp (remo...
CVE-2005-0938
The CVE concerns Ublog Reload 1.0–1.0.4, where the application stores ublogreload.mdb under the web root. This enables an attacker to read usernames and hashed passwords by making a direct request to ublogreload.mdb, exposing authentication data. The underlying issue is exposure of the MDB databa...
CVE-2005-2010
XSS vulnerability CVE-2005-2010 in Ublog Reload 1.0.5 tracked via trackback.asp: an attacker can inject arbitrary script/HTML through the btitle parameter. Affected component is trackback.asp in Ublog Reload 1.0.5; root cause is improper sanitization of user-supplied input in the btitle field, en...