7 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3

Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de salto de directorio en ndex.php en el componente MyBlog (com_myblog) v3.0.329 para Joomla! • https://www.exploit-db.com/exploits/11625 http://secunia.com/advisories/38777 http://www.exploit-db.com/exploits/11625 http://www.securityfocus.com/bid/38530 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. Sam Crew MyBlog almacena contraseñas en texto claro en una base de datos MySQL, lo cual permite a atacantes dependientes de contexto obtener información sensible. • https://www.exploit-db.com/exploits/5913 https://exchange.xforce.ibmcloud.com/vulnerabilities/48843 • CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2

add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. add.php en MyBlog v0.9.8 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso con privilegios de administrador asignando el valor admin=yes y login=admin en la cookie de sesión. • https://www.exploit-db.com/exploits/6531 http://www.securityfocus.com/bid/31311 http://www.vupen.com/english/advisories/2008/2654 https://exchange.xforce.ibmcloud.com/vulnerabilities/45576 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en MyBlog, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) s y(2) sort al index.php y el parámetro (3)id a post.php • https://www.exploit-db.com/exploits/5913 http://www.securityfocus.com/bid/29900 https://exchange.xforce.ibmcloud.com/vulnerabilities/43293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php. Múltiples vulnerabilidades de inyección SQL en MyBlog permite a atacantes remotos ejecutar comandos SQL a través del (1) parámetro view de (a) index.php, y los (2) parámetros id de (b) member.php y (c) post.php. • https://www.exploit-db.com/exploits/5913 http://www.securityfocus.com/bid/29900 https://exchange.xforce.ibmcloud.com/vulnerabilities/43292 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •