nibbleblog vulnerabilities and exploits

6.8
MEDIUM
CVE-2015-6966

Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks v...

6.5
MEDIUM
CVE-2015-6967

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image...

NibbleblogNibbleblog
6.5
MEDIUM
CVE-2018-16604

An issue was discovered in Nibbleblog v4.0.5. With an admin's username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., "${phpinfo()}")....

5
MEDIUM
CVE-2018-6470

Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directory, causing DS_Store information to leak....

4.3
MEDIUM
CVE-2014-8996

Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php....

7.5
HIGH
CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request....

6.8
MEDIUM
CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document....

AppleApple TvIphone OsMac Os X
10
HIGH
CVE-2013-2729

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727....

AdobeAcrobatAcrobat Reader
5.8
MEDIUM
CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document....

AppleApple TvIphone OsMac Os X
6.8
MEDIUM
CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document....

AppleApple TvIphone OsMac Os X