blog vulnerabilities and exploits
7.5
CVSSv2
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote malicious users to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.
Leif M. Wright Web Blog 1.1
Leif M. Wright Web Blog 1.1.5
1 EDB exploit
5
CVSSv2
CVE-2021-36748
A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module prior to 1.7.8 for Prestashop allows a remote malicious user to extract data from the database via the sb_category parameter.
Prestahome Blog
4.3
CVSSv2
CVE-2005-1945
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog prior to 1.1.2 Final allows remote malicious users to inject arbitrary web script or HTML via double hex encoded highlight data.
Invision Power Services Invision Community Blog 1.1
Invision Power Services Invision Community Blog 1.0
7.5
CVSSv2
CVE-2005-1946
Multiple SQL injection vulnerabilities in Invision Blog prior to 1.1.2 Final allow remote malicious users to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
Invision Power Services Invision Community Blog 1.0
Invision Power Services Invision Community Blog 1.1
NA
CVE-2023-43381
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote malicious user to obtain sensitive information via the id parameter in login.php.
Tianchoy Blog 1.8.8
5.1
CVSSv2
CVE-2006-5244
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and previous versions, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_f...
Opendock Easy Blog
2 EDB exploits
4.3
CVSSv2
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
Nodebb Blog Comments
7.5
CVSSv2
CVE-2019-7587
Bo-blog Wind up to and including 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function.
Bo-blog Bw
NA
CVE-2023-52264
The beesblog (aka Bees Blog) component prior to 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.
Thirtybees Bees Blog
5
CVSSv2
CVE-2021-20728
Improper access control vulnerability in goo blog App for Android ver.1.2.25 and previous versions and for iOS ver.1.3.3 and previous versions allows a remote malicious user to lead a user to access an arbitrary website via the vulnerable App.
Nttr Goo Blog