Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4202
SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pid parameter.
Spidey Blog Spidey Blog Script
2 EDB exploits
7.5
CVSSv2
CVE-2007-1471
admin/default.asp in Orion-Blog 2.0 allows remote malicious users to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.
Orion-blog Orion-blog 2.0
1 EDB exploit
4.3
CVSSv2
CVE-2008-0676
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote malicious users to inject arbitrary web script or HTML via the words parameter.
A-blog A-blog 2
1 EDB exploit
6.4
CVSSv2
CVE-2019-3494
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter.
Simply-blog Project Simply-blog
4.3
CVSSv2
CVE-2006-0333
Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote malicious users to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php.
Ar-blog Ar-blog 5.2
7.5
CVSSv2
CVE-2017-15539
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
Zorovavi\\/blog Project Zorovavi\\/blog
7.5
CVSSv2
CVE-2008-3306
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote malicious users to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained ...
Youtube Blog Youtube Blog 0.1
1 EDB exploit
7.5
CVSSv2
CVE-2008-3307
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote malicious users to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
Youtube Blog Youtube Blog 0.1
1 EDB exploit
7.5
CVSSv2
CVE-2008-0450
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote malicious users to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.
Blog Cms Blog Cms 4.2.1 C
7.5
CVSSv2
CVE-2010-4917
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote malicious users to execute arbitrary SQL commands via the words parameter.
A-blog A-blog 2.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »