Vulmon
a-blog vulnerabilities and exploits
NA
CVE-2024-31396
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arb...
4.3
CVSSv2
CVE-2018-14631
moodle prior to 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if ...
Moodle Moodle
5
CVSSv2
CVE-2007-0541
WordPress allows remote malicious users to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existin...
Wordpress Wordpress
6.8
CVSSv2
CVE-2006-6925
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submi...
Bitweaver Bitweaver 1.1
Bitweaver Bitweaver 1.1.1 Beta
Bitweaver Bitweaver 1.3.1
Bitweaver Bitweaver 1.2.1
Bitweaver Bitweaver 1.3
1 EDB exploit
7.5
CVSSv2
CVE-2006-3096
Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information i...
Ipostmx Ipostmx 2005
NA
CVE-2024-25610
In Liferay Portal 7.2.0 up to and including 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which al...
3.5
CVSSv2
CVE-2004-1865
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other me...
Bblog Bblog 0.7.2
NA
CVE-2024-30420
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the produc...
NA
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and previous versions, Ver.3.0.x series Ver.3.0.30 and previous versions, Ver.2.11.x series Ver.2.11.59 and previous versions, Ver.2.10.x series Ver.2.10.51 and previous versions, and Ver.2.9 and pr...
6.8
CVSSv2
CVE-2006-3183
Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multi...
Mobescripts Mobile Space Community 2.0