Vulnerabilities > Mywebland
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-19 | CVE-2007-0353 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.5 Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. network mywebland | 6.8 |
2006-08-11 | CVE-2006-4083 | Remote Security vulnerability in Myevent 1.2/1.3 PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. | 7.5 |
2006-08-09 | CVE-2006-4043 | Information Disclosure vulnerability in myBloggie index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | 5.0 |
2006-08-09 | CVE-2006-4042 | SQL Injection vulnerability in Mywebland Mybloggie Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | 7.5 |
2006-08-09 | CVE-2006-4040 | Remote File Include vulnerability in myEvent Myevent.PHP PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | 7.5 |
2006-07-27 | CVE-2006-3905 | SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function. | 7.5 |
2006-07-27 | CVE-2006-3903 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie. network mywebland | 5.8 |
2006-05-09 | CVE-2006-2269 | HTML Injection vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. network mywebland | 4.3 |
2006-04-20 | CVE-2006-1908 | Cross-Site Scripting vulnerability in myEvent Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. | 2.6 |
2006-04-20 | CVE-2006-1907 | SQL-Injection vulnerability in myEvent Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. | 7.5 |