Vulmon
blog vulnerabilities and exploits
7.5
CVSSv2
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote malicious users to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.
Leif M. Wright Web Blog 1.1
Leif M. Wright Web Blog 1.1.5
1 EDB exploit
5
CVSSv2
CVE-2021-36748
A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module prior to 1.7.8 for Prestashop allows a remote malicious user to extract data from the database via the sb_category parameter.
Prestahome Blog
4.3
CVSSv2
CVE-2005-1945
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog prior to 1.1.2 Final allows remote malicious users to inject arbitrary web script or HTML via double hex encoded highlight data.
Invision Power Services Invision Community Blog 1.1
Invision Power Services Invision Community Blog 1.0
7.5
CVSSv2
CVE-2005-1946
Multiple SQL injection vulnerabilities in Invision Blog prior to 1.1.2 Final allow remote malicious users to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
Invision Power Services Invision Community Blog 1.0
Invision Power Services Invision Community Blog 1.1
NA
CVE-2023-43979
ETS Soft ybc_blog before v4.4.0 contains a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().
Prestahero Ybc Blog
6.8
CVSSv2
CVE-2010-4750
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote malicious users to hijack the authentication of administrators.
Blogcms Blog:CMS
1 EDB exploit
4.3
CVSSv2
CVE-2017-17948
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.
Cells Blog 3.5
7.5
CVSSv2
CVE-2007-1434
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
Grayscale Grayscale Blog
1 EDB exploit
7.5
CVSSv2
CVE-2006-6830
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the index parameter.
Cafelog B2 Blog
1 EDB exploit
5.1
CVSSv2
CVE-2006-5244
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and previous versions, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_f...
Opendock Easy Blog
2 EDB exploits