Vulnerabilities > Geeklog > Geeklog > 1.35
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-09 | CVE-2011-5159 | Cross-Site Scripting vulnerability in Geeklog Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942. | 4.3 |
| 2012-09-09 | CVE-2011-4942 | Cross-Site Scripting vulnerability in Geeklog Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. | 4.3 |
| 2006-05-31 | CVE-2006-2701 | SQL-Injection vulnerability in Geeklog (Extended Japanese Package) SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission. | 7.5 |
| 2006-05-31 | CVE-2006-2700 | Input Validation vulnerability in Geeklog SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | 5.1 |
| 2006-05-31 | CVE-2006-2699 | Input Validation vulnerability in Geeklog Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. network geeklog | 6.8 |
| 2006-05-31 | CVE-2006-2698 | Input Validation vulnerability in Geeklog Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. | 7.8 |
| 2002-12-31 | CVE-2002-1917 | Unspecified vulnerability in Geeklog 1.3.5Sr1/1.35 CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header. | 5.0 |