
CVE-2010-1540 – Joomla! Component com_blog - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-1540
26 Apr 2010 — Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/11625 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-6193 – MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-6193
19 Feb 2009 — Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. • https://www.exploit-db.com/exploits/5913 • CWE-310: Cryptographic Issues

CVE-2008-4341 – MyBlog 0.9.8 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-4341
30 Sep 2008 — add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. • https://www.exploit-db.com/exploits/6531 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-2962 – MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2962
02 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php. • https://www.exploit-db.com/exploits/5913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2963 – MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2963
02 Jul 2008 — Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php. • https://www.exploit-db.com/exploits/5913 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2007-2081 – MyBlog 0.9.8 - 'Settings.php' Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-2081
18 Apr 2007 — MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. • https://www.exploit-db.com/exploits/29864

CVE-2007-2082
https://notcve.org/view.php?id=CVE-2007-2082
18 Apr 2007 — Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. • http://osvdb.org/35392