Vulnerabilities > Pixelpost

DATE CVE VULNERABILITY TITLE RISK
2006-06-07 CVE-2006-2891 Cross-Site Scripting vulnerability in Pixelpost 1.5Rc1
Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.
network
high complexity
pixelpost
2.6
2006-06-07 CVE-2006-2890 SQL Injection vulnerability in Pixelpost 1.5Rc1
Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php.
network
high complexity
pixelpost
5.1
2006-06-07 CVE-2006-2889 SQL Injection vulnerability in Pixelpost
Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.
network
high complexity
pixelpost
5.1
2006-03-09 CVE-2006-1106 Input Validation vulnerability in Pixelpost
Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post.
network
pixelpost
4.3
2006-03-09 CVE-2006-1105 Input Validation vulnerability in Pixelpost
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function.
network
low complexity
pixelpost
5.0
2006-03-09 CVE-2006-1104 Input Validation vulnerability in Pixelpost
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php.
network
low complexity
pixelpost
7.5
2006-01-25 CVE-2006-0409 HTML Injection vulnerability in Pixelpost Photoblog 1.4.3
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
network
pixelpost
4.3