a-blog vulnerabilities and exploits

7.5
CVSSv2
CVE-2006-5135

Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b)...

A-blog
4.3
CVSSv2
CVE-2006-6729

Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

A-blog
7.5
CVSSv2
CVE-2006-5092

PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter....

A-blog
7.5
CVSSv2
CVE-2010-4917

SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter....

A-blog
7.5
CVSSv2
CVE-2008-0677

SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action....

A-blog
4.3
CVSSv2
CVE-2008-0676

Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter....

A-blog
4.3
CVSSv2
CVE-2016-1179

Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML....

7.8
CVSSv2
CVE-2007-4093

Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db....

6.4
CVSSv2
CVE-2016-1178

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors....

5
CVSSv2
CVE-2012-6105

blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed....