Vulmon
blog vulnerabilities and exploits
6.4
CVSSv2
CVE-2006-2251
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final up to and including 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
Invision Power Services Invision Community Blog 1.1
Invision Power Services Invision Community Blog 1.0
Invision Power Services Invision Community Blog 1.1.2 Final
Invision Power Services Invision Community Blog 1.2
7.5
CVSSv2
CVE-2018-17391
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
Super Cms Blog Pro Project Super Cms Blog Pro 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote malicious users to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.
Leif M. Wright Web Blog 1.1.5
Leif M. Wright Web Blog 1.1
1 EDB exploit
4.3
CVSSv2
CVE-2005-1945
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog prior to 1.1.2 Final allows remote malicious users to inject arbitrary web script or HTML via double hex encoded highlight data.
Invision Power Services Invision Community Blog 1.1
Invision Power Services Invision Community Blog 1.0
7.5
CVSSv2
CVE-2005-1946
Multiple SQL injection vulnerabilities in Invision Blog prior to 1.1.2 Final allow remote malicious users to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
Invision Power Services Invision Community Blog 1.1
Invision Power Services Invision Community Blog 1.0
5
CVSSv2
CVE-2021-36748
A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module prior to 1.7.8 for Prestashop allows a remote malicious user to extract data from the database via the sb_category parameter.
Prestahome Blog
NA
CVE-2022-4793
The Blog Designer WordPress plugin prior to 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Solwininfotech Blog Designer
7.5
CVSSv2
CVE-2006-4300
SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
8pixel.net Simple Blog
2 EDB exploits
NA
CVE-2023-5291
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au...
Awplife Blog Filter
NA
CVE-2023-5295
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...
Awplife Blog Filter