Show filters
118 Total Results
Displaying 81-90 of 118
Sort by:
Attacker Value
Unknown

CVE-2008-2562

Disclosure Date: June 06, 2008 (last updated October 04, 2023)
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
0
0
Attacker Value
Unknown

CVE-2008-0559

Disclosure Date: February 04, 2008 (last updated October 04, 2023)
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
0
0
Attacker Value
Unknown

CVE-2007-6587

Disclosure Date: December 28, 2007 (last updated October 04, 2023)
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
0
0
Attacker Value
Unknown

CVE-2007-6308

Disclosure Date: December 11, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2007-4157

Disclosure Date: August 03, 2007 (last updated October 04, 2023)
PHPBlogger stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for data/pref.db. NOTE: this can be easily leveraged for administrative access because composing the authentication cookie only requires the password hash, not the cleartext version.
0
0
Attacker Value
Unknown

CVE-2007-3399

Disclosure Date: June 26, 2007 (last updated October 04, 2023)
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.
0
0
Attacker Value
Unknown

CVE-2007-3179

Disclosure Date: June 11, 2007 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2007-3084

Disclosure Date: June 06, 2007 (last updated October 04, 2023)
PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.
0
0
Attacker Value
Unknown

CVE-2007-2277

Disclosure Date: April 25, 2007 (last updated October 04, 2023)
Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
0
0
Attacker Value
Unknown

CVE-2007-1510

Disclosure Date: March 20, 2007 (last updated October 04, 2023)
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
0
0
View More Topics  < Previous  Next >