Show filters
44 Total Results
Displaying 21-30 of 44
Sort by:
Attacker Value
Unknown

CVE-2011-5029

Disclosure Date: December 29, 2011 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php.
0
Attacker Value
Unknown

CVE-2010-4333

Disclosure Date: December 22, 2010 (last updated October 04, 2023)
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
0
Attacker Value
Unknown

CVE-2009-4421

Disclosure Date: December 24, 2009 (last updated October 04, 2023)
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
0
Attacker Value
Unknown

CVE-2008-6745

Disclosure Date: April 23, 2009 (last updated October 04, 2023)
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
0
Attacker Value
Unknown

CVE-2008-6631

Disclosure Date: April 07, 2009 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
0
Attacker Value
Unknown

CVE-2008-2524

Disclosure Date: June 03, 2008 (last updated October 04, 2023)
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
0
Attacker Value
Unknown

CVE-2008-2175

Disclosure Date: May 13, 2008 (last updated October 04, 2023)
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
0
Attacker Value
Unknown

CVE-2008-0678

Disclosure Date: February 12, 2008 (last updated October 04, 2023)
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
0
Attacker Value
Unknown

CVE-2008-0679

Disclosure Date: February 12, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
0
Attacker Value
Unknown

CVE-2007-5071

Disclosure Date: September 24, 2007 (last updated October 04, 2023)
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
0