Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-11565
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin prior to 1.6.7 for WordPress via the site parameter.
Print My Blog Project Print My Blog
7.5
CVSSv2
CVE-2010-2436
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote malicious users to execute arbitrary SQL commands via the PATH_INFO.
Anecms Anecms Blog
Anecms Anecms Blog 1.0
1 EDB exploit
5
CVSSv2
CVE-2005-4687
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote malicious users to misrepresent their IP address by sending a modified header.
F-art Agency Blog Cms 3.0
F-art Agency Blog Cms 3.1
F-art Agency Blog Cms 3.1.2
Punbb Punbb 1.2.4
Punbb Punbb 1.2.5
Punbb Punbb 1.2.6
Punbb Punbb 1.2.7
F-art Agency Blog Cms 3.1.3
F-art Agency Blog Cms 3.6.2
Punbb Punbb 1.2.1
Punbb Punbb 1.2.3
Punbb Punbb 1.2.8
F-art Agency Blog Cms 4.0.0
F-art Agency Blog Cms 4.0.0a
F-art Agency Blog Cms 4.0.0b
F-art Agency Blog Cms 4.0.0c
F-art Agency Blog Cms 3.1.4
F-art Agency Blog Cms 3.6.4
F-art Agency Blog Cms 4.0.0d
Punbb Punbb 1.2.2
Punbb Punbb 1.2.9
7.5
CVSSv2
CVE-2022-29659
Responsive Online Blog v1.0 exists to contain a SQL injection vulnerability via the id parameter at single.php.
Responsive Online Blog Project Responsive Online Blog 1.0
NA
CVE-2022-35501
Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.
Amasty Blog Pro 2.10.3
Amasty Blog Pro 2.10.4
1 Github repository
4.3
CVSSv2
CVE-2020-20605
Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component.
Personal Blog Cms Project Personal Blog Cms 1.0
7.5
CVSSv2
CVE-2009-3718
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to execute arbitrary SQL commands via the UserName parameter.
Davethewebguy Battle Blog 1.30
Davethewebguy Battle Blog 1.25
1 EDB exploit
7.5
CVSSv2
CVE-2005-0854
betaparticle blog (bp blog), posisbly before version 4, allows remote malicious users to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
Betaparticle Betaparticle Blog 2.0
Betaparticle Betaparticle Blog 3.0
2 EDB exploits
7.5
CVSSv2
CVE-2021-26231
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote malicious users to execute arbitrary SQL statements, via the id parameter to category.php.
Fantastic Blog Cms Project Fantastic Blog Cms 1.0
5
CVSSv2
CVE-2005-0853
betaparticle blog (bp blog) stores the database under the web root, which allows remote malicious users to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions prior to 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that...
Betaparticle Betaparticle Blog 2.0
Betaparticle Betaparticle Blog 3.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »