Show filters
44 Total Results
Displaying 21-30 of 44
Sort by:
Attacker Value
Unknown
CVE-2011-5029
Disclosure Date: December 29, 2011 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php.
0
Attacker Value
Unknown
CVE-2010-4333
Disclosure Date: December 22, 2010 (last updated October 04, 2023)
Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.
0
Attacker Value
Unknown
CVE-2009-4421
Disclosure Date: December 24, 2009 (last updated October 04, 2023)
Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the blog_language1 parameter.
0
Attacker Value
Unknown
CVE-2008-6745
Disclosure Date: April 23, 2009 (last updated October 04, 2023)
index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action.
0
Attacker Value
Unknown
CVE-2008-6631
Disclosure Date: April 07, 2009 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.
0
Attacker Value
Unknown
CVE-2008-2524
Disclosure Date: June 03, 2008 (last updated October 04, 2023)
BlogPHP 2.0 allows remote attackers to bypass authentication, and post (1) messages or (2) comments as an arbitrary user, via a modified blogphp_username field in a cookie.
0
Attacker Value
Unknown
CVE-2008-2175
Disclosure Date: May 13, 2008 (last updated October 04, 2023)
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
0
Attacker Value
Unknown
CVE-2008-0678
Disclosure Date: February 12, 2008 (last updated October 04, 2023)
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
0
Attacker Value
Unknown
CVE-2008-0679
Disclosure Date: February 12, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
0
Attacker Value
Unknown
CVE-2007-5071
Disclosure Date: September 24, 2007 (last updated October 04, 2023)
Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ending in .php. or a .htaccess file, a different vector than CVE-2005-2733. NOTE: the vulnerability was also present in a 0.5.1 download available in the early morning of 20070923. NOTE: the original 20070920 disclosure provided an incorrect filename, img_upload_cgi.php.
0