CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3CVE-2006-6035 – Blog:CMS 4.1.3 - 'list.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6035
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en list.php de BLOG:CMS 4.1.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro FADDR. • https://www.exploit-db.com/exploits/29095 http://marc.info/?l=bugtraq&m=116387287216907&w=2 http://secunia.com/advisories/23025 http://securitytracker.com/id?1017250 http://www.securityfocus.com/bid/21173 http://www.vupen.com/english/advisories/2006/4598 https://exchange.xforce.ibmcloud.com/vulnerabilities/30385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 1CVE-2006-3364 – Blog:CMS 4.0.0k - SQL Injection
https://notcve.org/view.php?id=CVE-2006-3364
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el Plugin NS_SEO en BLOG:CMS 4.1.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id. • https://www.exploit-db.com/exploits/1960 http://blogcms.com/wiki/changelog http://retrogod.altervista.org/blogcms_400k_sql.html http://secunia.com/advisories/20859 http://securityreason.com/securityalert/1193 http://securitytracker.com/id?1016408 http://www.osvdb.org/26877 http://www.securityfocus.com/archive/1/438603/100/100/threaded http://www.vupen.com/english/advisories/2006/2582 https://exchange.xforce.ibmcloud.com/vulnerabilities/27435 •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2005-4687
https://notcve.org/view.php?id=CVE-2005-4687
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. • http://secunia.com/advisories/17425 http://secunia.com/advisories/17433 http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt http://www.securityfocus.com/bid/15326 •