Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-blog a-blog vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2007-4093
Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing usernames and encrypted passwords via a direct request for db/users.db.
Minb Minb Is Not A Blog 0.1.0
755
VMScore
CVE-2008-7005
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote malicious users to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential conse...
Minb Minb Is Not A Blog 0.1.0
1 EDB exploit
NA
CVE-2023-22857
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.
Blogengine Blogengine.net 3.3.8.0
312
VMScore
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name.
Getkirby Kirby 2.5.12
440
VMScore
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote malicious users to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment act...
Scriptsez Ez Blog 1.0
2 EDB exploits
312
VMScore
CVE-2020-22392
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
Intelliants Subrion Cms 4.2.2
383
VMScore
CVE-2006-1072
Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a blog post.
Simplog Simplog
383
VMScore
CVE-2005-3494
Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a blog comment.
Ar-blog Ar-blog
685
VMScore
CVE-2008-6250
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
Comdev Comdev Web Blogger 4.1
Comdev Comdev Web Blogger
1 EDB exploit
516
VMScore
CVE-2006-2246
Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote malicious users to inject arbitrary web script or HTML via text fields when adding a blog entry.
Uapplication Ublog 1.6 Access Edition
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »