Vulnerabilities > Blursoft > Blur6Ex > 0.3.462
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-14 | CVE-2006-4106 | HTML Injection vulnerability in Blursoft Blur6Ex 0.3/0.3.462 Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. network blursoft | 4.3 |
2006-06-19 | CVE-2006-3065 | SQL-Injection vulnerability in Blursoft Blur6Ex 0.3.462 SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. | 7.5 |
2006-04-13 | CVE-2006-1763 | Input Validation vulnerability in Blursoft Blur6Ex 0.3.462 Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). | 5.0 |
2006-04-13 | CVE-2006-1762 | Input Validation vulnerability in Blursoft Blur6Ex 0.3.462 Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. | 7.5 |
2006-04-13 | CVE-2006-1761 | Input Validation vulnerability in Blursoft Blur6Ex 0.3.462 Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. | 2.6 |