Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotclear vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-3782
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear prior to 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some ...
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
Dotclear Dotclear
NA
CVE-2005-3963
SQL injection vulnerability in session.php in DotClear prior to 1.2.3 allows remote malicious users to execute arbitrary SQL commands via the dc_xd parameter in a cookie.
Dotclear Dotclear 1.2.1
Dotclear Dotclear 1.2.2
1 EDB exploit
NA
CVE-2011-5083
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote malicious users to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory...
Dotclear Dotclear 2.4.2
Dotclear Dotclear 2.3.1
7.2
CVSSv3
CVE-2016-9268
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear up to and including 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, a...
Dotclear Dotclear
NA
CVE-2007-1989
Multiple cross-site scripting (XSS) vulnerabilities in DotClear prior to 1.2.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these ...
Dotclear Dotclear
2 EDB exploits
5.4
CVSSv3
CVE-2016-9891
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear prior to 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
Dotclear Dotclear
6.1
CVSSv3
CVE-2015-8831
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear prior to 2.8.2 allows remote malicious users to inject arbitrary web script or HTML via the author name in a comment.
Dotclear Dotclear
8.8
CVSSv3
CVE-2016-7902
Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear prior to 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstra...
Dotclear Dotclear
5.4
CVSSv3
CVE-2018-16358
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear up to and including 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
Dotclear Dotclear
3.7
CVSSv3
CVE-2016-7903
Dotclear prior to 2.10.3, when the Host header is not part of the web server routing process, allows remote malicious users to modify the password reset address link via the HTTP Host header.
Dotclear Dotclear
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »