SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.

Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter.