Show filters
35 Total Results
Displaying 1-10 of 35
Sort by:
Attacker Value
Unknown

CVE-2008-6650

Disclosure Date: April 07, 2009 (last updated October 04, 2023)
del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary posts via a direct request with a modified post_id parameter, a different vulnerability than CVE-2008-4628.
0
0
Attacker Value
Unknown

CVE-2008-5004

Disclosure Date: November 10, 2008 (last updated October 04, 2023)
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
0
0
Attacker Value
Unknown

CVE-2008-4643

Disclosure Date: October 22, 2008 (last updated October 04, 2023)
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
0
0
Attacker Value
Unknown

CVE-2008-4644

Disclosure Date: October 22, 2008 (last updated October 04, 2023)
hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header.
0
0
Attacker Value
Unknown

CVE-2008-4650

Disclosure Date: October 22, 2008 (last updated October 04, 2023)
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
0
0
Attacker Value
Unknown

CVE-2008-4628

Disclosure Date: October 21, 2008 (last updated October 04, 2023)
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
0
0
Attacker Value
Unknown

CVE-2007-3650

Disclosure Date: July 09, 2008 (last updated October 04, 2023)
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
0
0
Attacker Value
Unknown

CVE-2008-3080

Disclosure Date: July 09, 2008 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
0
0
Attacker Value
Unknown

CVE-2007-1899

Disclosure Date: July 09, 2008 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
0
0
Attacker Value
Unknown

CVE-2007-3353

Disclosure Date: June 22, 2007 (last updated November 08, 2023)
PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class.
0
0
View More Topics  Next >