42 vulnerabilities found for mybloggie by mywebland
CVE-2008-3080 (GCVE-0-2008-3080)
Vulnerability from nvd – Published: 2008-07-09 00:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5975 | exploit, x_refsource_EXPLOIT-DB |
| http://www.netvigilance.com/advisory0040 | x_refsource_MISC |
Date Public
2008-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5975",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"name": "http://www.netvigilance.com/advisory0040",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3080",
"datePublished": "2008-07-09T00:00:00.000Z",
"dateReserved": "2008-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:35.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1899 (GCVE-0-2007-1899)
Vulnerability from nvd – Published: 2008-07-09 00:00 – Updated: 2024-08-07 13:13
VLAI
Summary
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30892 | third-party-advisory, x_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5975 | exploit, x_refsource_EXPLOIT-DB |
| http://descriptions.securescout.com/tc/17969 | x_refsource_MISC |
| http://www.netvigilance.com/advisory0040 | x_refsource_MISC |
Date Public
2008-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30892"
},
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://descriptions.securescout.com/tc/17969"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30892"
},
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://descriptions.securescout.com/tc/17969"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30892"
},
{
"name": "5975",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"name": "http://descriptions.securescout.com/tc/17969",
"refsource": "MISC",
"url": "http://descriptions.securescout.com/tc/17969"
},
{
"name": "http://www.netvigilance.com/advisory0040",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1899",
"datePublished": "2008-07-09T00:00:00.000Z",
"dateReserved": "2007-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:41.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3650 (GCVE-0-2007-3650)
Vulnerability from nvd – Published: 2008-07-09 00:00 – Updated: 2025-04-03 14:47
VLAI
Summary
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
Severity
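5.3 (Medium) – CVSS 3.1 base score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) supplied by the CISA ADP Vulnrichment container; the CNA container carries no CVSS metrics.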
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://descriptions.securescout.com/tc/17970 | x_refsource_MISC |
| http://www.netvigilance.com/advisory0039 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://descriptions.securescout.com/tc/17970"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0039"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:46:36.548713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:47:21.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-07-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://descriptions.securescout.com/tc/17970"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://descriptions.securescout.com/tc/17970",
"refsource": "MISC",
"url": "http://descriptions.securescout.com/tc/17970"
},
{
"name": "http://www.netvigilance.com/advisory0039",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3650",
"datePublished": "2008-07-09T00:00:00.000Z",
"dateReserved": "2007-07-10T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:47:21.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3194 (GCVE-0-2007-3194)
Vulnerability from nvd – Published: 2007-06-12 23:00 – Updated: 2025-01-17 14:41 Disputed
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist
Severity
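9.8 (Critical) – CVSS 3.1 base score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) supplied by the CISA ADP Vulnrichment container; the CNA container carries no CVSS metrics and tags the record as disputed.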
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2794 | third-party-advisory, x_refsource_SREASON |
| http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/470972/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://osvdb.org/37685 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2794"
},
{
"name": "20070610 Re: myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html"
},
{
"name": "20070609 myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470972/100/0/threaded"
},
{
"name": "37685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37685"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T15:05:24.813685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T14:41:46.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2794"
},
{
"name": "20070610 Re: myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html"
},
{
"name": "20070609 myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470972/100/0/threaded"
},
{
"name": "37685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37685"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2794",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2794"
},
{
"name": "20070610 Re: myBloggie 2.1.5 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html"
},
{
"name": "20070609 myBloggie 2.1.5 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470972/100/0/threaded"
},
{
"name": "37685",
"refsource": "OSVDB",
"url": "http://osvdb.org/37685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3194",
"datePublished": "2007-06-12T23:00:00.000Z",
"dateReserved": "2007-06-12T00:00:00.000Z",
"dateUpdated": "2025-01-17T14:41:46.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3003 (GCVE-0-2007-3003)
Vulnerability from nvd – Published: 2007-06-04 17:00 – Updated: 2024-08-07 13:57
VLAI
Summary
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34627 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/2769 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/470112/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/24249 | vdb-entry, x_refsource_BID |
| http://osvdb.org/38345 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"refsource": "OSVDB",
"url": "http://osvdb.org/38345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3003",
"datePublished": "2007-06-04T17:00:00.000Z",
"dateReserved": "2007-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0353 (GCVE-0-2007-0353)
Vulnerability from nvd – Published: 2007-01-19 01:00 – Updated: 2024-08-07 12:12
VLAI
Summary
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31554 | vdb-entry, x_refsource_XF |
| http://osvdb.org/32930 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/457206/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2155 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/22097 | vdb-entry, x_refsource_BID |
| http://mywebland.com/forums/showtopic.php?t=1224 | x_refsource_MISC |
| http://osvdb.org/32929 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html | mailing-list, x_refsource_FULLDISC |
| http://securitytracker.com/id?1017531 | vdb-entry, x_refsource_SECTRACK |
Date Public
2007-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mybloggie-indexlogin-xss(31554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31554"
},
{
"name": "32930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32930"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457206/100/0/threaded"
},
{
"name": "2155",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2155"
},
{
"name": "22097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mywebland.com/forums/showtopic.php?t=1224"
},
{
"name": "32929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32929"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html"
},
{
"name": "1017531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mybloggie-indexlogin-xss(31554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31554"
},
{
"name": "32930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32930"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457206/100/0/threaded"
},
{
"name": "2155",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2155"
},
{
"name": "22097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mywebland.com/forums/showtopic.php?t=1224"
},
{
"name": "32929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32929"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html"
},
{
"name": "1017531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017531"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybloggie-indexlogin-xss(31554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31554"
},
{
"name": "32930",
"refsource": "OSVDB",
"url": "http://osvdb.org/32930"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457206/100/0/threaded"
},
{
"name": "2155",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2155"
},
{
"name": "22097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22097"
},
{
"name": "http://mywebland.com/forums/showtopic.php?t=1224",
"refsource": "MISC",
"url": "http://mywebland.com/forums/showtopic.php?t=1224"
},
{
"name": "32929",
"refsource": "OSVDB",
"url": "http://osvdb.org/32929"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html"
},
{
"name": "1017531",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017531"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0353",
"datePublished": "2007-01-19T01:00:00.000Z",
"dateReserved": "2007-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:12:18.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4043 (GCVE-0-2006-4043)
Vulnerability from nvd – Published: 2006-08-09 23:00 – Updated: 2024-08-07 18:57
VLAI
Summary
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3179 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/442323/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/2118 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/21376 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28242 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/1347 | third-party-advisory, x_refsource_SREASON |
| http://retrogod.altervista.org/mybloggie_214_sql.html | x_refsource_MISC |
Date Public
2006-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1347"
},
{
"name": "http://retrogod.altervista.org/mybloggie_214_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4043",
"datePublished": "2006-08-09T23:00:00.000Z",
"dateReserved": "2006-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:57:45.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4042 (GCVE-0-2006-4042)
Vulnerability from nvd – Published: 2006-08-09 23:00 – Updated: 2024-08-07 18:57
Summary
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3179 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/19362 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/442323/100… | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/2118 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/21376 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/1347 | third-party-advisory, x_refsource_SREASON |
| http://retrogod.altervista.org/mybloggie_214_sql.html | x_refsource_MISC |
Date Public
2006-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "19362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19362"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-trackback-sql-injection(28241)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "19362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19362"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-trackback-sql-injection(28241)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "19362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19362"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-trackback-sql-injection(28241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"
},
{
"name": "1347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1347"
},
{
"name": "http://retrogod.altervista.org/mybloggie_214_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4042",
"datePublished": "2006-08-09T23:00:00.000Z",
"dateReserved": "2006-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:57:45.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3903 (GCVE-0-2006-3903)
Vulnerability from nvd – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
Summary
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-list, x_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/441356/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26557 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26558 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=114791192612460&w=2 | mailing-list, x_refsource_BUGTRAQ |
Date Public
2006-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "mybloggie-index-admin-crlf-injection(26484)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26557",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
},
{
"name": "26558",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "mybloggie-index-admin-crlf-injection(26484)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26557",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
},
{
"name": "26558",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "mybloggie-index-admin-crlf-injection(26484)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26557",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
},
{
"name": "26558",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3903",
"datePublished": "2006-07-27T22:00:00.000Z",
"dateReserved": "2006-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3905 (GCVE-0-2006-3905)
Vulnerability from nvd – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
Summary
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-list, x_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/441356/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26559 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26560 | vdb-entry, x_refsource_OSVDB |
| http://www.h4cky0u.org/advisories/HYSA-2006-008-m… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=114791192612460&w=2 | mailing-list, x_refsource_BUGTRAQ |
Date Public
2006-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559"
},
{
"name": "26560",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt"
},
{
"name": "mybloggie-index-sql-injection(26486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559"
},
{
"name": "26560",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt"
},
{
"name": "mybloggie-index-sql-injection(26486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559"
},
{
"name": "26560",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560"
},
{
"name": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt"
},
{
"name": "mybloggie-index-sql-injection(26486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3905",
"datePublished": "2006-07-27T22:00:00.000Z",
"dateReserved": "2006-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2859 (GCVE-0-2006-2859)
Vulnerability from nvd – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06 – Disputed
Summary
PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1049 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435789/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/18241 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/436124/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/435866/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2006-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1049",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1049"
},
{
"name": "20060602 # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435789/100/0/threaded"
},
{
"name": "18241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18241"
},
{
"name": "20060606 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436124/100/0/threaded"
},
{
"name": "20060603 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435866/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1049",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1049"
},
{
"name": "20060602 # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435789/100/0/threaded"
},
{
"name": "18241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18241"
},
{
"name": "20060606 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436124/100/0/threaded"
},
{
"name": "20060603 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435866/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1049",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1049"
},
{
"name": "20060602 # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435789/100/0/threaded"
},
{
"name": "18241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18241"
},
{
"name": "20060606 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436124/100/0/threaded"
},
{
"name": "20060603 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435866/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2859",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2269 (GCVE-0-2006-2269)
Vulnerability from nvd – Published: 2006-05-09 10:00 – Updated: 2024-08-07 17:43
Summary
Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/17865 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/433126/100… | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/857 | third-party-advisory, x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2006-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:29.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17865"
},
{
"name": "20060506 myBloggie \u003c= 2.1.3 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433126/100/0/threaded"
},
{
"name": "857",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/857"
},
{
"name": "mybloggie-bbcode-image-xss(26295)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17865"
},
{
"name": "20060506 myBloggie \u003c= 2.1.3 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433126/100/0/threaded"
},
{
"name": "857",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/857"
},
{
"name": "mybloggie-bbcode-image-xss(26295)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17865"
},
{
"name": "20060506 myBloggie \u003c= 2.1.3 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433126/100/0/threaded"
},
{
"name": "857",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/857"
},
{
"name": "mybloggie-bbcode-image-xss(26295)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2269",
"datePublished": "2006-05-09T10:00:00.000Z",
"dateReserved": "2006-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:29.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1205 (GCVE-0-2006-1205)
Vulnerability from nvd – Published: 2006-03-14 01:00 – Updated: 2024-08-07 17:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/23990 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25134 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/23975 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/17048 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/23987 | vdb-entry, x_refsource_OSVDB |
| http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt | x_refsource_MISC |
| http://www.osvdb.org/23989 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/427182/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/23991 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23992 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23988 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23973 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23974 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23986 | vdb-entry, x_refsource_OSVDB |
Date Public
2006-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23990"
},
{
"name": "mybloggie-index-admin-xss(25134)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134"
},
{
"name": "23975",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23975"
},
{
"name": "17048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17048"
},
{
"name": "23987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23987"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt"
},
{
"name": "23989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23989"
},
{
"name": "20060309 MyBloggie: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427182/100/0/threaded"
},
{
"name": "23991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23991"
},
{
"name": "23992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23992"
},
{
"name": "23988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23988"
},
{
"name": "23973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23973"
},
{
"name": "23974",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23974"
},
{
"name": "23986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23990"
},
{
"name": "mybloggie-index-admin-xss(25134)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134"
},
{
"name": "23975",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23975"
},
{
"name": "17048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17048"
},
{
"name": "23987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23987"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt"
},
{
"name": "23989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23989"
},
{
"name": "20060309 MyBloggie: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427182/100/0/threaded"
},
{
"name": "23991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23991"
},
{
"name": "23992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23992"
},
{
"name": "23988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23988"
},
{
"name": "23973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23973"
},
{
"name": "23974",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23974"
},
{
"name": "23986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23986"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23990",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23990"
},
{
"name": "mybloggie-index-admin-xss(25134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134"
},
{
"name": "23975",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23975"
},
{
"name": "17048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17048"
},
{
"name": "23987",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23987"
},
{
"name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt",
"refsource": "MISC",
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt"
},
{
"name": "23989",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23989"
},
{
"name": "20060309 MyBloggie: Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427182/100/0/threaded"
},
{
"name": "23991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23991"
},
{
"name": "23992",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23992"
},
{
"name": "23988",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23988"
},
{
"name": "23973",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23973"
},
{
"name": "23974",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23974"
},
{
"name": "23986",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23986"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1205",
"datePublished": "2006-03-14T01:00:00.000Z",
"dateReserved": "2006-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4225 (GCVE-0-2005-4225)
Vulnerability from nvd – Published: 2005-12-14 11:00 – Updated: 2024-08-07 23:38
Summary
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2005-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "21659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21659"
},
{
"name": "18024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18024/"
},
{
"name": "21665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21665"
},
{
"name": "21662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21662"
},
{
"name": "21664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21664"
},
{
"name": "21666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21666"
},
{
"name": "21669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21669"
},
{
"name": "21667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21667"
},
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21668"
},
{
"name": "21663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21663"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "21660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21660"
},
{
"name": "ADV-2005-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2862"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "21670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21670"
},
{
"name": "21661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"potential\" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "21659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21659"
},
{
"name": "18024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18024/"
},
{
"name": "21665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21665"
},
{
"name": "21662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21662"
},
{
"name": "21664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21664"
},
{
"name": "21666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21666"
},
{
"name": "21669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21669"
},
{
"name": "21667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21667"
},
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21668"
},
{
"name": "21663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21663"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "21660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21660"
},
{
"name": "ADV-2005-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2862"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "21670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21670"
},
{
"name": "21661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"potential\" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "21659",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21659"
},
{
"name": "18024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18024/"
},
{
"name": "21665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21665"
},
{
"name": "21662",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21662"
},
{
"name": "21664",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21664"
},
{
"name": "21666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21666"
},
{
"name": "21669",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21669"
},
{
"name": "21667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21667"
},
{
"name": "21668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21668"
},
{
"name": "21663",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21663"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "21660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21660"
},
{
"name": "ADV-2005-2862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2862"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "21670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21670"
},
{
"name": "21661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4225",
"datePublished": "2005-12-14T11:00:00.000Z",
"dateReserved": "2005-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3153 (GCVE-0-2005-3153)
Vulnerability from nvd – Published: 2005-10-05 04:00 – Updated: 2024-08-07 23:01
Summary
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014995 | vdb-entry, x_refsource_SECTRACK |
| http://rgod.altervista.org/mybloggie213b.html | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=112818273307878&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/42 | third-party-advisory, x_refsource_SREASON |
| http://www.osvdb.org/19935 | vdb-entry, x_refsource_OSVDB |
| http://mywebland.com/forums/showtopic.php?t=399 | x_refsource_CONFIRM |
Date Public
2005-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/mybloggie213b.html"
},
{
"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -\u003e Login Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112818273307878\u0026w=2"
},
{
"name": "42",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/42"
},
{
"name": "19935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19935"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mywebland.com/forums/showtopic.php?t=399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/mybloggie213b.html"
},
{
"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -\u003e Login Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112818273307878\u0026w=2"
},
{
"name": "42",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/42"
},
{
"name": "19935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19935"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mywebland.com/forums/showtopic.php?t=399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014995",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014995"
},
{
"name": "http://rgod.altervista.org/mybloggie213b.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/mybloggie213b.html"
},
{
"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -\u003e Login Bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112818273307878\u0026w=2"
},
{
"name": "42",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/42"
},
{
"name": "19935",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19935"
},
{
"name": "http://mywebland.com/forums/showtopic.php?t=399",
"refsource": "CONFIRM",
"url": "http://mywebland.com/forums/showtopic.php?t=399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3153",
"datePublished": "2005-10-05T04:00:00.000Z",
"dateReserved": "2005-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:57.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3080 (GCVE-0-2008-3080)
Vulnerability from cvelistv5 – Published: 2008-07-09 00:00 – Updated: 2024-08-07 09:21
Summary
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5975 | exploit, x_refsource_EXPLOIT-DB |
| http://www.netvigilance.com/advisory0040 | x_refsource_MISC |
Date Public
2008-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:35.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5975",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"name": "http://www.netvigilance.com/advisory0040",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3080",
"datePublished": "2008-07-09T00:00:00.000Z",
"dateReserved": "2008-07-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:21:35.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1899 (GCVE-0-2007-1899)
Vulnerability from cvelistv5 – Published: 2008-07-09 00:00 – Updated: 2024-08-07 13:13
Summary
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30892 | third-party-advisory, x_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5975 | exploit, x_refsource_EXPLOIT-DB |
| http://descriptions.securescout.com/tc/17969 | x_refsource_MISC |
| http://www.netvigilance.com/advisory0040 | x_refsource_MISC |
Date Public
2008-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30892"
},
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://descriptions.securescout.com/tc/17969"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30892"
},
{
"name": "5975",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://descriptions.securescout.com/tc/17969"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30892"
},
{
"name": "5975",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5975"
},
{
"name": "http://descriptions.securescout.com/tc/17969",
"refsource": "MISC",
"url": "http://descriptions.securescout.com/tc/17969"
},
{
"name": "http://www.netvigilance.com/advisory0040",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1899",
"datePublished": "2008-07-09T00:00:00.000Z",
"dateReserved": "2007-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:41.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3650 (GCVE-0-2007-3650)
Vulnerability from cvelistv5 – Published: 2008-07-09 00:00 – Updated: 2025-04-03 14:47
Summary
myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
Severity
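5.3 (Medium) – CVSS 3.1 base score supplied by the CISA-ADP container; the CNA record itself carries no CVSS data.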
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://descriptions.securescout.com/tc/17970 | x_refsource_MISC |
| http://www.netvigilance.com/advisory0039 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://descriptions.securescout.com/tc/17970"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.netvigilance.com/advisory0039"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:46:36.548713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:47:21.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-07-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://descriptions.securescout.com/tc/17970"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.netvigilance.com/advisory0039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://descriptions.securescout.com/tc/17970",
"refsource": "MISC",
"url": "http://descriptions.securescout.com/tc/17970"
},
{
"name": "http://www.netvigilance.com/advisory0039",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3650",
"datePublished": "2008-07-09T00:00:00.000Z",
"dateReserved": "2007-07-10T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:47:21.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3194 (GCVE-0-2007-3194)
Vulnerability from cvelistv5 – Published: 2007-06-12 23:00 – Updated: 2025-01-17 14:41 Disputed
Summary
Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist
Severity
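9.8 (Critical) – CVSS 3.1 base score supplied by the CISA-ADP container, not by the CNA; the CNA record tags this CVE as disputed, so the score describes the claimed issue rather than a confirmed one.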
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2794 | third-party-advisory, x_refsource_SREASON |
| http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/470972/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://osvdb.org/37685 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2794"
},
{
"name": "20070610 Re: myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html"
},
{
"name": "20070609 myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470972/100/0/threaded"
},
{
"name": "37685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37685"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-3194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T15:05:24.813685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T14:41:46.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2794",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2794"
},
{
"name": "20070610 Re: myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html"
},
{
"name": "20070609 myBloggie 2.1.5 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470972/100/0/threaded"
},
{
"name": "37685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37685"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2794",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2794"
},
{
"name": "20070610 Re: myBloggie 2.1.5 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0125.html"
},
{
"name": "20070609 myBloggie 2.1.5 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470972/100/0/threaded"
},
{
"name": "37685",
"refsource": "OSVDB",
"url": "http://osvdb.org/37685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3194",
"datePublished": "2007-06-12T23:00:00.000Z",
"dateReserved": "2007-06-12T00:00:00.000Z",
"dateUpdated": "2025-01-17T14:41:46.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3003 (GCVE-0-2007-3003)
Vulnerability from cvelistv5 – Published: 2007-06-04 17:00 – Updated: 2024-08-07 13:57
Summary
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34627 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/2769 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/470112/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/24249 | vdb-entry, x_refsource_BID |
| http://osvdb.org/38345 | vdb-entry, x_refsource_OSVDB |
Date Public
2007-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybloggie-catidyear-sql-injection(34627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34627"
},
{
"name": "2769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2769"
},
{
"name": "20070531 MyBloggie 2.1.6 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470112/100/0/threaded"
},
{
"name": "24249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24249"
},
{
"name": "38345",
"refsource": "OSVDB",
"url": "http://osvdb.org/38345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3003",
"datePublished": "2007-06-04T17:00:00.000Z",
"dateReserved": "2007-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0353 (GCVE-0-2007-0353)
Vulnerability from cvelistv5 – Published: 2007-01-19 01:00 – Updated: 2024-08-07 12:12
Summary
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31554 | vdb-entry, x_refsource_XF |
| http://osvdb.org/32930 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/457206/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/2155 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/22097 | vdb-entry, x_refsource_BID |
| http://mywebland.com/forums/showtopic.php?t=1224 | x_refsource_MISC |
| http://osvdb.org/32929 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html | mailing-list, x_refsource_FULLDISC |
| http://securitytracker.com/id?1017531 | vdb-entry, x_refsource_SECTRACK |
Date Public
2007-01-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:18.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mybloggie-indexlogin-xss(31554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31554"
},
{
"name": "32930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32930"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457206/100/0/threaded"
},
{
"name": "2155",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2155"
},
{
"name": "22097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mywebland.com/forums/showtopic.php?t=1224"
},
{
"name": "32929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32929"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html"
},
{
"name": "1017531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mybloggie-indexlogin-xss(31554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31554"
},
{
"name": "32930",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32930"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457206/100/0/threaded"
},
{
"name": "2155",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2155"
},
{
"name": "22097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mywebland.com/forums/showtopic.php?t=1224"
},
{
"name": "32929",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32929"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html"
},
{
"name": "1017531",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017531"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybloggie-indexlogin-xss(31554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31554"
},
{
"name": "32930",
"refsource": "OSVDB",
"url": "http://osvdb.org/32930"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457206/100/0/threaded"
},
{
"name": "2155",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2155"
},
{
"name": "22097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22097"
},
{
"name": "http://mywebland.com/forums/showtopic.php?t=1224",
"refsource": "MISC",
"url": "http://mywebland.com/forums/showtopic.php?t=1224"
},
{
"name": "32929",
"refsource": "OSVDB",
"url": "http://osvdb.org/32929"
},
{
"name": "20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0338.html"
},
{
"name": "1017531",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017531"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0353",
"datePublished": "2007-01-19T01:00:00.000Z",
"dateReserved": "2007-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:12:18.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4043 (GCVE-0-2006-4043)
Vulnerability from cvelistv5 – Published: 2006-08-09 23:00 – Updated: 2024-08-07 18:57
Summary
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3179 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/442323/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/2118 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/21376 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28242 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/1347 | third-party-advisory, x_refsource_SREASON |
| http://retrogod.altervista.org/mybloggie_214_sql.html | x_refsource_MISC |
Date Public
2006-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-index-information-disclosure(28242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28242"
},
{
"name": "1347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1347"
},
{
"name": "http://retrogod.altervista.org/mybloggie_214_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4043",
"datePublished": "2006-08-09T23:00:00.000Z",
"dateReserved": "2006-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:57:45.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4042 (GCVE-0-2006-4042)
Vulnerability from cvelistv5 – Published: 2006-08-09 23:00 – Updated: 2024-08-07 18:57
Summary
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3179 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/19362 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/442323/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/2118 | exploit, x_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/21376 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28241 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/1347 | third-party-advisory, x_refsource_SREASON |
| http://retrogod.altervista.org/mybloggie_214_sql.html | x_refsource_MISC |
Date Public
2006-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "19362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19362"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-trackback-sql-injection(28241)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3179",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "19362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19362"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-trackback-sql-injection(28241)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"
},
{
"name": "1347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1347"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3179"
},
{
"name": "19362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19362"
},
{
"name": "20060805 MyBloggie \u003c= 2.1.4 trackback.php SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442323/100/0/threaded"
},
{
"name": "2118",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2118"
},
{
"name": "21376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21376"
},
{
"name": "mybloggie-trackback-sql-injection(28241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28241"
},
{
"name": "1347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1347"
},
{
"name": "http://retrogod.altervista.org/mybloggie_214_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybloggie_214_sql.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4042",
"datePublished": "2006-08-09T23:00:00.000Z",
"dateReserved": "2006-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:57:45.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3903 (GCVE-0-2006-3903)
Vulnerability from cvelistv5 – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
Summary
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html | mailing-list, x_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26484 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/441356/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26557 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26558 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=114791192612460&w=2 | mailing-list, x_refsource_BUGTRAQ |
Date Public
2006-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "mybloggie-index-admin-crlf-injection(26484)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26557",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
},
{
"name": "26558",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "mybloggie-index-admin-crlf-injection(26484)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26557",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
},
{
"name": "26558",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "mybloggie-index-admin-crlf-injection(26484)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26557",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
},
{
"name": "26558",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3903",
"datePublished": "2006-07-27T22:00:00.000Z",
"dateReserved": "2006-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3905 (GCVE-0-2006-3905)
Vulnerability from cvelistv5 – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
Summary
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html | mailing-list, x_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/441356/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26559 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/displayvuln.php?osvdb_id=26560 | vdb-entry, x_refsource_OSVDB |
| http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26486 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=114791192612460&w=2 | mailing-list, x_refsource_BUGTRAQ |
Date Public
2006-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559"
},
{
"name": "26560",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt"
},
{
"name": "mybloggie-index-sql-injection(26486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559"
},
{
"name": "26560",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt"
},
{
"name": "mybloggie-index-sql-injection(26486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
},
{
"name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
},
{
"name": "26559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26559"
},
{
"name": "26560",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26560"
},
{
"name": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt"
},
{
"name": "mybloggie-index-sql-injection(26486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26486"
},
{
"name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF \u0026 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=114791192612460\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3905",
"datePublished": "2006-07-27T22:00:00.000Z",
"dateReserved": "2006-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2859 (GCVE-0-2006-2859)
Vulnerability from cvelistv5 – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06 – Disputed
Summary
PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1049 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435789/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/18241 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/436124/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/435866/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
Date Public
2006-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1049",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1049"
},
{
"name": "20060602 # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435789/100/0/threaded"
},
{
"name": "18241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18241"
},
{
"name": "20060606 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436124/100/0/threaded"
},
{
"name": "20060603 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435866/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1049",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1049"
},
{
"name": "20060602 # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435789/100/0/threaded"
},
{
"name": "18241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18241"
},
{
"name": "20060606 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436124/100/0/threaded"
},
{
"name": "20060603 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435866/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1049",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1049"
},
{
"name": "20060602 # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435789/100/0/threaded"
},
{
"name": "18241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18241"
},
{
"name": "20060606 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436124/100/0/threaded"
},
{
"name": "20060603 Re: # MHG Security Team --- MyBloggie 2.1.1 version Remote File Include Vulnerabilit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435866/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2859",
"datePublished": "2006-06-06T20:03:00.000Z",
"dateReserved": "2006-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:06:26.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2269 (GCVE-0-2006-2269)
Vulnerability from cvelistv5 – Published: 2006-05-09 10:00 – Updated: 2024-08-07 17:43
Summary
Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/17865 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/433126/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/857 | third-party-advisory, x_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26295 | vdb-entry, x_refsource_XF |
Date Public
2006-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:29.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17865",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17865"
},
{
"name": "20060506 myBloggie \u003c= 2.1.3 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433126/100/0/threaded"
},
{
"name": "857",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/857"
},
{
"name": "mybloggie-bbcode-image-xss(26295)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17865",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17865"
},
{
"name": "20060506 myBloggie \u003c= 2.1.3 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433126/100/0/threaded"
},
{
"name": "857",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/857"
},
{
"name": "mybloggie-bbcode-image-xss(26295)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26295"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17865"
},
{
"name": "20060506 myBloggie \u003c= 2.1.3 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433126/100/0/threaded"
},
{
"name": "857",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/857"
},
{
"name": "mybloggie-bbcode-image-xss(26295)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26295"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2269",
"datePublished": "2006-05-09T10:00:00.000Z",
"dateReserved": "2006-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:29.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1205 (GCVE-0-2006-1205)
Vulnerability from cvelistv5 – Published: 2006-03-14 01:00 – Updated: 2024-08-07 17:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/23990 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25134 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/23975 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/17048 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/23987 | vdb-entry, x_refsource_OSVDB |
| http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt | x_refsource_MISC |
| http://www.osvdb.org/23989 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/427182/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/23991 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23992 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23988 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23973 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23974 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/23986 | vdb-entry, x_refsource_OSVDB |
Date Public
2006-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23990"
},
{
"name": "mybloggie-index-admin-xss(25134)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134"
},
{
"name": "23975",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23975"
},
{
"name": "17048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17048"
},
{
"name": "23987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23987"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt"
},
{
"name": "23989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23989"
},
{
"name": "20060309 MyBloggie: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427182/100/0/threaded"
},
{
"name": "23991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23991"
},
{
"name": "23992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23992"
},
{
"name": "23988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23988"
},
{
"name": "23973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23973"
},
{
"name": "23974",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23974"
},
{
"name": "23986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23990"
},
{
"name": "mybloggie-index-admin-xss(25134)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134"
},
{
"name": "23975",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23975"
},
{
"name": "17048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17048"
},
{
"name": "23987",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23987"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt"
},
{
"name": "23989",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23989"
},
{
"name": "20060309 MyBloggie: Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427182/100/0/threaded"
},
{
"name": "23991",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23991"
},
{
"name": "23992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23992"
},
{
"name": "23988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23988"
},
{
"name": "23973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23973"
},
{
"name": "23974",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23974"
},
{
"name": "23986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23986"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23990",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23990"
},
{
"name": "mybloggie-index-admin-xss(25134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25134"
},
{
"name": "23975",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23975"
},
{
"name": "17048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17048"
},
{
"name": "23987",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23987"
},
{
"name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt",
"refsource": "MISC",
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt"
},
{
"name": "23989",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23989"
},
{
"name": "20060309 MyBloggie: Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427182/100/0/threaded"
},
{
"name": "23991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23991"
},
{
"name": "23992",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23992"
},
{
"name": "23988",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23988"
},
{
"name": "23973",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23973"
},
{
"name": "23974",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23974"
},
{
"name": "23986",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23986"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1205",
"datePublished": "2006-03-14T01:00:00.000Z",
"dateReserved": "2006-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4225 (GCVE-0-2005-4225)
Vulnerability from cvelistv5 – Published: 2005-12-14 11:00 – Updated: 2024-08-07 23:38
Summary
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2005-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "21659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21659"
},
{
"name": "18024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18024/"
},
{
"name": "21665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21665"
},
{
"name": "21662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21662"
},
{
"name": "21664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21664"
},
{
"name": "21666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21666"
},
{
"name": "21669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21669"
},
{
"name": "21667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21667"
},
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21668"
},
{
"name": "21663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21663"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "21660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21660"
},
{
"name": "ADV-2005-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2862"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "21670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21670"
},
{
"name": "21661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"potential\" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "21659",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21659"
},
{
"name": "18024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18024/"
},
{
"name": "21665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21665"
},
{
"name": "21662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21662"
},
{
"name": "21664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21664"
},
{
"name": "21666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21666"
},
{
"name": "21669",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21669"
},
{
"name": "21667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21667"
},
{
"name": "21668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21668"
},
{
"name": "21663",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21663"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "21660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21660"
},
{
"name": "ADV-2005-2862",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2862"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "21670",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21670"
},
{
"name": "21661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"potential\" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051211 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419280/100/0/threaded"
},
{
"name": "21659",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21659"
},
{
"name": "18024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18024/"
},
{
"name": "21665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21665"
},
{
"name": "21662",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21662"
},
{
"name": "21664",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21664"
},
{
"name": "21666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21666"
},
{
"name": "21669",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21669"
},
{
"name": "21667",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21667"
},
{
"name": "21668",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21668"
},
{
"name": "21663",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21663"
},
{
"name": "http://glide.stanford.edu/yichen/research/sec.pdf",
"refsource": "MISC",
"url": "http://glide.stanford.edu/yichen/research/sec.pdf"
},
{
"name": "21660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21660"
},
{
"name": "ADV-2005-2862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2862"
},
{
"name": "20051212 [PHP-CHECKER] 99 potential SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419487/100/0/threaded"
},
{
"name": "21670",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21670"
},
{
"name": "21661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4225",
"datePublished": "2005-12-14T11:00:00.000Z",
"dateReserved": "2005-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3153 (GCVE-0-2005-3153)
Vulnerability from cvelistv5 – Published: 2005-10-05 04:00 – Updated: 2024-08-07 23:01
Summary
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014995 | vdb-entry, x_refsource_SECTRACK |
| http://rgod.altervista.org/mybloggie213b.html | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=112818273307878&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/42 | third-party-advisory, x_refsource_SREASON |
| http://www.osvdb.org/19935 | vdb-entry, x_refsource_OSVDB |
| http://mywebland.com/forums/showtopic.php?t=399 | x_refsource_CONFIRM |
Date Public
2005-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/mybloggie213b.html"
},
{
"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -\u003e Login Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112818273307878\u0026w=2"
},
{
"name": "42",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/42"
},
{
"name": "19935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19935"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mywebland.com/forums/showtopic.php?t=399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014995",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/mybloggie213b.html"
},
{
"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -\u003e Login Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112818273307878\u0026w=2"
},
{
"name": "42",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/42"
},
{
"name": "19935",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19935"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mywebland.com/forums/showtopic.php?t=399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014995",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014995"
},
{
"name": "http://rgod.altervista.org/mybloggie213b.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/mybloggie213b.html"
},
{
"name": "20051001 MyBloggie 2.1.3beta null char + SQL Injection -\u003e Login Bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112818273307878\u0026w=2"
},
{
"name": "42",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/42"
},
{
"name": "19935",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19935"
},
{
"name": "http://mywebland.com/forums/showtopic.php?t=399",
"refsource": "CONFIRM",
"url": "http://mywebland.com/forums/showtopic.php?t=399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3153",
"datePublished": "2005-10-05T04:00:00.000Z",
"dateReserved": "2005-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:57.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}