Vulnerabilities > Geeklog > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-21 | CVE-2006-3756 | Cross-Site Scripting vulnerability in Geeklog 1.3.11/1.4.0 Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | 4.3 |
| 2006-07-06 | CVE-2006-3362 | Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. | 5.1 |
| 2006-05-31 | CVE-2006-2700 | Input Validation vulnerability in Geeklog SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | 5.1 |
| 2006-05-31 | CVE-2006-2699 | Input Validation vulnerability in Geeklog Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. network geeklog | 6.8 |
| 2005-12-05 | CVE-2005-4026 | Information Disclosure vulnerability in Geeklog (Extended Japanese Package) search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. | 5.0 |
| 2003-12-31 | CVE-2003-1347 | Cross-Site Scripting vulnerability in Geeklog 1.3.7 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field. | 4.3 |
| 2002-12-31 | CVE-2002-1917 | Unspecified vulnerability in Geeklog 1.3.5Sr1/1.35 CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header. | 5.0 |
| 2002-10-04 | CVE-2002-0963 | SQL Injection vulnerability in Geeklog 1.3/1.3.0/1.3.5 SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. | 5.0 |