Vulnerabilities > Dayfox Designs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-10 | CVE-2008-3564 | Path Traversal vulnerability in Dayfox Designs Dayfox Blog 4 Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2007-03-20 | CVE-2007-1525 | Remote PHP Code Execution vulnerability in Dayfox Designs Dayfox Blog 4 Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. network dayfox-designs | 6.8 |
| 2007-01-09 | CVE-2007-0150 | Remote Security vulnerability in Dayfox Designs Dayfox Blog 4 Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. | 7.5 |
| 2006-10-10 | CVE-2006-5183 | Remote Security vulnerability in Dayfox Designs Dayfox Blog 2.0 Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit. | 7.5 |
| 2006-05-22 | CVE-2006-2522 | Remote Security vulnerability in Dayfox Blog Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | 7.5 |