PHP remote file inclusion vulnerability in config.inc.php3 in Power Phlogger 2.0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery.

SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers.

PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz Security Suite IP Logger in dwingmods for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) mkb.php, (2) iplogger.php, (3) admin_board2.php, or (4) admin_logger.php in includes/, different vectors than CVE-2006-5224.

PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.

SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter.