Vulnerabilities > Mywebland > Mybloggie > 2.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-09 | CVE-2006-4043 | Information Disclosure vulnerability in myBloggie index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | 5.0 |
2005-09-07 | CVE-2005-2838 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.2/2.1.3Beta SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2005-05-11 | CVE-2005-1500 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.3 Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. | 7.5 |
2005-05-11 | CVE-2005-1499 | Input Validation vulnerability in Mybloggie 2.1.1/2.1.2 delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter. | 7.5 |
2005-05-11 | CVE-2005-1498 | Input Validation vulnerability in Mybloggie 2.1.1/2.1.2 Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. network mywebland | 4.3 |
2005-05-11 | CVE-2005-1497 | Information Disclosure vulnerability in Mywebland Mybloggie 2.1.1 index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message. | 5.0 |
2005-04-15 | CVE-2005-1140 | HTML Injection vulnerability in Mywebland Mybloggie 2.1.1 Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments. network mywebland | 4.3 |