Search criteria
32 vulnerabilities by Geeklog
CVE-2023-46059 (GCVE-0-2023-46059)
Vulnerability from cvelistv5 – Published: 2023-10-23 00:00 – Updated: 2024-09-17 14:22
VLAI
Summary
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/reflected_XSS_in_editservice.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:37:14.603945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:22:12.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T23:43:53.819Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/reflected_XSS_in_editservice.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46059",
"datePublished": "2023-10-23T00:00:00.000Z",
"dateReserved": "2023-10-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T14:22:12.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46058 (GCVE-0-2023-46058)
Vulnerability from cvelistv5 – Published: 2023-10-23 00:00 – Updated: 2024-09-17 14:22
VLAI
Summary
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/Stored_XSS_in_group.php.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46058",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:35:40.771983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:22:37.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T23:26:36.616Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/Stored_XSS_in_group.php.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46058",
"datePublished": "2023-10-23T00:00:00.000Z",
"dateReserved": "2023-10-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T14:22:37.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37787 (GCVE-0-2023-37787)
Vulnerability from cvelistv5 – Published: 2023-07-13 00:00 – Updated: 2024-10-30 20:27
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CrownZTX/storedXSS"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37787",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T20:27:39.375282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T20:27:50.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CrownZTX/storedXSS"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37787",
"datePublished": "2023-07-13T00:00:00.000Z",
"dateReserved": "2023-07-10T00:00:00.000Z",
"dateUpdated": "2024-10-30T20:27:50.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37786 (GCVE-0-2023-37786)
Vulnerability from cvelistv5 – Published: 2023-07-13 00:00 – Updated: 2024-10-30 19:32
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CrownZTX/reflectedxss1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:32:40.693484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:32:52.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CrownZTX/reflectedxss1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37786",
"datePublished": "2023-07-13T00:00:00.000Z",
"dateReserved": "2023-07-10T00:00:00.000Z",
"dateUpdated": "2024-10-30T19:32:52.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1470 (GCVE-0-2013-1470)
Vulnerability from cvelistv5 – Published: 2014-02-05 15:00 – Updated: 2024-08-06 15:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/120593/Geekl… | x_refsource_MISC |
| https://www.htbridge.com/advisory/HTB23143 | x_refsource_MISC |
| https://www.geeklog.net/article.php/geeklog-1.8.2sr1 | x_refsource_CONFIRM |
Date Public
2013-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:04:48.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geeklog-calendartype-xss(82326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82326"
},
{
"name": "20130227 Cross-Site Scripting (XSS) in Geeklog",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0154.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/120593/Geeklog-1.8.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.geeklog.net/article.php/geeklog-1.8.2sr1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geeklog-calendartype-xss(82326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82326"
},
{
"name": "20130227 Cross-Site Scripting (XSS) in Geeklog",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0154.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/120593/Geeklog-1.8.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.geeklog.net/article.php/geeklog-1.8.2sr1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geeklog-calendartype-xss(82326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82326"
},
{
"name": "20130227 Cross-Site Scripting (XSS) in Geeklog",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0154.html"
},
{
"name": "http://packetstormsecurity.com/files/120593/Geeklog-1.8.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120593/Geeklog-1.8.2-Cross-Site-Scripting.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23143",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23143"
},
{
"name": "https://www.geeklog.net/article.php/geeklog-1.8.2sr1",
"refsource": "CONFIRM",
"url": "https://www.geeklog.net/article.php/geeklog-1.8.2sr1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1470",
"datePublished": "2014-02-05T15:00:00.000Z",
"dateReserved": "2013-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:04:48.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5159 (GCVE-0-2011-5159)
Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-09-17 03:18
VLAI
Summary
Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/article.php/geeklog-1.7.1sr1 | x_refsource_CONFIRM |
| http://www.osvdb.org/70245 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/42775 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70245"
},
{
"name": "42775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-09T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70245"
},
{
"name": "42775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70245"
},
{
"name": "42775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5159",
"datePublished": "2012-09-09T21:00:00.000Z",
"dateReserved": "2012-09-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:56.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4942 (GCVE-0-2011-4942)
Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-09-16 16:23
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/article.php/geeklog-1.7.1sr1 | x_refsource_CONFIRM |
| http://www.osvdb.org/70245 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2011/03/18/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/42775 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/03/23/5 | mailing-listx_refsource_MLIST |
| http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70245"
},
{
"name": "[oss-security] 20110318 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/8"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/13"
},
{
"name": "42775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42775"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-09T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70245"
},
{
"name": "[oss-security] 20110318 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/8"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/13"
},
{
"name": "42775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42775"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.7.1sr1"
},
{
"name": "70245",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70245"
},
{
"name": "[oss-security] 20110318 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/8"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/13"
},
{
"name": "42775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42775"
},
{
"name": "[oss-security] 20120323 CVE Request: Geeklog 1.7.1 \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/5"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bgeeklog1.7.1%5D_cross_site_scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4942",
"datePublished": "2012-09-09T21:00:00.000Z",
"dateReserved": "2011-12-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:23:55.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4647 (GCVE-0-2011-4647)
Vulnerability from cvelistv5 – Published: 2011-11-30 19:00 – Updated: 2024-09-16 17:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://project.geeklog.net/tracking/view.php?id=1368 | x_refsource_CONFIRM |
| http://www.geeklog.net/article.php/geeklog-1.8.1 | x_refsource_CONFIRM |
| http://project.geeklog.net/cgi-bin/hgwebdir.cgi/g… | x_refsource_CONFIRM |
| http://secunia.com/advisories/46348/ | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/76297 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://project.geeklog.net/tracking/view.php?id=1368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.8.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86"
},
{
"name": "46348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46348/"
},
{
"name": "76297",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-30T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://project.geeklog.net/tracking/view.php?id=1368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.8.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86"
},
{
"name": "46348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46348/"
},
{
"name": "76297",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://project.geeklog.net/tracking/view.php?id=1368",
"refsource": "CONFIRM",
"url": "http://project.geeklog.net/tracking/view.php?id=1368"
},
{
"name": "http://www.geeklog.net/article.php/geeklog-1.8.1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.8.1"
},
{
"name": "http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86",
"refsource": "CONFIRM",
"url": "http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/fd3ca3aebf86"
},
{
"name": "46348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46348/"
},
{
"name": "76297",
"refsource": "OSVDB",
"url": "http://osvdb.org/76297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4647",
"datePublished": "2011-11-30T19:00:00.000Z",
"dateReserved": "2011-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:02.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4933 (GCVE-0-2010-4933)
Vulnerability from cvelistv5 – Published: 2011-10-09 10:00 – Updated: 2024-08-07 04:02
VLAI
Summary
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/43458 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/15091 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/8457 | third-party-advisoryx_refsource_SREASON |
| http://packetstormsecurity.org/1009-exploits/geek… | x_refsource_MISC |
Date Public
2010-09-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43458"
},
{
"name": "15091",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15091"
},
{
"name": "8457",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-14T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43458"
},
{
"name": "15091",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15091"
},
{
"name": "8457",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43458"
},
{
"name": "15091",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15091"
},
{
"name": "8457",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8457"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/geeklog138-sql.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4933",
"datePublished": "2011-10-09T10:00:00.000Z",
"dateReserved": "2011-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:30.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3021 (GCVE-0-2009-3021)
Vulnerability from cvelistv5 – Published: 2009-08-31 20:00 – Updated: 2024-09-16 16:13
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN20478978/index.html | third-party-advisoryx_refsource_JVN |
| http://www.geeklog.jp/article.php/20090820020302431 | x_refsource_MISC |
| http://secunia.com/advisories/36404 | third-party-advisoryx_refsource_SECUNIA |
| http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0… | third-party-advisoryx_refsource_JVNDB |
| http://secunia.com/advisories/36413 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#20478978",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20478978/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.geeklog.jp/article.php/20090820020302431"
},
{
"name": "36404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36404"
},
{
"name": "JVNDB-2009-000055",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html"
},
{
"name": "36413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Site Calendar \u0027mycaljp\u0027 plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-31T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#20478978",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN20478978/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.geeklog.jp/article.php/20090820020302431"
},
{
"name": "36404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36404"
},
{
"name": "JVNDB-2009-000055",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html"
},
{
"name": "36413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Site Calendar \u0027mycaljp\u0027 plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#20478978",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20478978/index.html"
},
{
"name": "http://www.geeklog.jp/article.php/20090820020302431",
"refsource": "MISC",
"url": "http://www.geeklog.jp/article.php/20090820020302431"
},
{
"name": "36404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36404"
},
{
"name": "JVNDB-2009-000055",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html"
},
{
"name": "36413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3021",
"datePublished": "2009-08-31T20:00:00.000Z",
"dateReserved": "2009-08-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:46.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1347 (GCVE-0-2003-1347)
Vulnerability from cvelistv5 – Published: 2007-10-14 19:00 – Updated: 2024-08-08 02:28
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/filemgmt/visit.php?lid=101 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/6602 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6603 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/6604 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/306770 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/6601 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/3226 | third-party-advisoryx_refsource_SREASON |
Date Public
2003-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:02.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/filemgmt/visit.php?lid=101"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6602"
},
{
"name": "geeklog-php-scripts-xss(11075)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11075"
},
{
"name": "6603",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6603"
},
{
"name": "6604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6604"
},
{
"name": "20030114 Multiple XSS in Geeklog 1.3.7",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/306770"
},
{
"name": "6601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6601"
},
{
"name": "3226",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/filemgmt/visit.php?lid=101"
},
{
"name": "6602",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6602"
},
{
"name": "geeklog-php-scripts-xss(11075)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11075"
},
{
"name": "6603",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6603"
},
{
"name": "6604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6604"
},
{
"name": "20030114 Multiple XSS in Geeklog 1.3.7",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/306770"
},
{
"name": "6601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6601"
},
{
"name": "3226",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/filemgmt/visit.php?lid=101",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/filemgmt/visit.php?lid=101"
},
{
"name": "6602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6602"
},
{
"name": "geeklog-php-scripts-xss(11075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11075"
},
{
"name": "6603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6603"
},
{
"name": "6604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6604"
},
{
"name": "20030114 Multiple XSS in Geeklog 1.3.7",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/306770"
},
{
"name": "6601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6601"
},
{
"name": "3226",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1347",
"datePublished": "2007-10-14T19:00:00.000Z",
"dateReserved": "2007-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:28:02.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2793 (GCVE-0-2007-2793)
Vulnerability from cvelistv5 – Published: 2007-05-22 00:00 – Updated: 2024-08-07 13:49
VLAI
Summary
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3946 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/24031 | vdb-entryx_refsource_BID |
| http://osvdb.org/37947 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3946",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3946"
},
{
"name": "24031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24031"
},
{
"name": "37947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37947"
},
{
"name": "geeklog-imageimagemagick-file-include(34351)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3946",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3946"
},
{
"name": "24031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24031"
},
{
"name": "37947",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37947"
},
{
"name": "geeklog-imageimagemagick-file-include(34351)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34351"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3946",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3946"
},
{
"name": "24031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24031"
},
{
"name": "37947",
"refsource": "OSVDB",
"url": "http://osvdb.org/37947"
},
{
"name": "geeklog-imageimagemagick-file-include(34351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34351"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2793",
"datePublished": "2007-05-22T00:00:00.000Z",
"dateReserved": "2007-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:49:57.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2706 (GCVE-0-2007-2706)
Vulnerability from cvelistv5 – Published: 2007-05-16 10:00 – Updated: 2024-08-07 13:49
VLAI
Summary
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3924 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25272 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/36239 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/23983 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1827 | vdb-entryx_refsource_VUPEN |
Date Public
2007-05-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3924",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3924"
},
{
"name": "geeklogmedia-ftpmedia-file-include(34294)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34294"
},
{
"name": "25272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25272"
},
{
"name": "36239",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36239"
},
{
"name": "23983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23983"
},
{
"name": "ADV-2007-1827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3924",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3924"
},
{
"name": "geeklogmedia-ftpmedia-file-include(34294)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34294"
},
{
"name": "25272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25272"
},
{
"name": "36239",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36239"
},
{
"name": "23983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23983"
},
{
"name": "ADV-2007-1827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1827"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3924",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3924"
},
{
"name": "geeklogmedia-ftpmedia-file-include(34294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34294"
},
{
"name": "25272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25272"
},
{
"name": "36239",
"refsource": "OSVDB",
"url": "http://osvdb.org/36239"
},
{
"name": "23983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23983"
},
{
"name": "ADV-2007-1827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1827"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2706",
"datePublished": "2007-05-16T10:00:00.000Z",
"dateReserved": "2007-05-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:49:57.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0810 (GCVE-0-2007-0810)
Vulnerability from cvelistv5 – Published: 2007-02-07 11:00 – Updated: 2024-08-07 12:34
VLAI
Summary
PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/3267 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/35749 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/22386 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:20.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3267",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3267"
},
{
"name": "35749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35749"
},
{
"name": "22386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22386"
},
{
"name": "geeklog-baseview-file-include(32205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3267",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3267"
},
{
"name": "35749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35749"
},
{
"name": "22386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22386"
},
{
"name": "geeklog-baseview-file-include(32205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3267",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3267"
},
{
"name": "35749",
"refsource": "OSVDB",
"url": "http://osvdb.org/35749"
},
{
"name": "22386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22386"
},
{
"name": "geeklog-baseview-file-include(32205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0810",
"datePublished": "2007-02-07T11:00:00.000Z",
"dateReserved": "2007-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:34:20.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6225 (GCVE-0-2006-6225)
Vulnerability from cvelistv5 – Published: 2006-12-02 02:00 – Updated: 2024-08-07 20:19
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/18740 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/1963 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:35.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "18740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18740"
},
{
"name": "1963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "18740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18740"
},
{
"name": "1963",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "18740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18740"
},
{
"name": "1963",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6225",
"datePublished": "2006-12-02T02:00:00.000Z",
"dateReserved": "2006-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:19:35.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3756 (GCVE-0-2006-3756)
Vulnerability from cvelistv5 – Published: 2006-07-20 23:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/2865 | vdb-entryx_refsource_VUPEN |
| http://www.geeklog.net/article.php/geeklog-1.4.0sr5 | x_refsource_CONFIRM |
| http://secunia.com/advisories/21094 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/jp/JVN%2381108784/index.html | third-party-advisoryx_refsource_JVN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2865"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr5"
},
{
"name": "21094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21094"
},
{
"name": "JVN#81108784",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2381108784/index.html"
},
{
"name": "geeklog-comment-xss(27813)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27813"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2865"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr5"
},
{
"name": "21094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21094"
},
{
"name": "JVN#81108784",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2381108784/index.html"
},
{
"name": "geeklog-comment-xss(27813)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27813"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2865"
},
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr5",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr5"
},
{
"name": "21094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21094"
},
{
"name": "JVN#81108784",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2381108784/index.html"
},
{
"name": "geeklog-comment-xss(27813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27813"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3756",
"datePublished": "2006-07-20T23:00:00.000Z",
"dateReserved": "2006-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3362 (GCVE-0-2006-3362)
Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:23
VLAI
Summary
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19072"
},
{
"name": "18767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18767"
},
{
"name": "30950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
},
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "toendacms-connector-file-upload(27799)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
},
{
"name": "ADV-2006-2868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2868"
},
{
"name": "6344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6344"
},
{
"name": "2035",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2035"
},
{
"name": "1964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1964"
},
{
"name": "20886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20886"
},
{
"name": "geeklog-connector-file-upload(27494)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
},
{
"name": "20060717 ToendaCMS \u003c= 1.0.0 arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
},
{
"name": "21117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
},
{
"name": "ADV-2006-2611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19072"
},
{
"name": "18767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18767"
},
{
"name": "30950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
},
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "toendacms-connector-file-upload(27799)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
},
{
"name": "ADV-2006-2868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2868"
},
{
"name": "6344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6344"
},
{
"name": "2035",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2035"
},
{
"name": "1964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1964"
},
{
"name": "20886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20886"
},
{
"name": "geeklog-connector-file-upload(27494)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
},
{
"name": "20060717 ToendaCMS \u003c= 1.0.0 arbitrary file upload",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
},
{
"name": "21117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
},
{
"name": "ADV-2006-2611",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19072"
},
{
"name": "18767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18767"
},
{
"name": "30950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30950"
},
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
},
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "toendacms-connector-file-upload(27799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
},
{
"name": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
},
{
"name": "ADV-2006-2868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2868"
},
{
"name": "6344",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6344"
},
{
"name": "2035",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2035"
},
{
"name": "1964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1964"
},
{
"name": "20886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20886"
},
{
"name": "geeklog-connector-file-upload(27494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
},
{
"name": "20060717 ToendaCMS \u003c= 1.0.0 arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
},
{
"name": "21117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21117"
},
{
"name": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
},
{
"name": "ADV-2006-2611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3362",
"datePublished": "2006-07-06T20:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2699 (GCVE-0-2006-2699)
Vulnerability from cvelistv5 – Published: 2006-05-31 10:00 – Updated: 2024-08-07 17:58
VLAI
Summary
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/index.php?topic=Security | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/993 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435295/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/2050 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://kapda.ir/advisory-336.html | x_refsource_MISC |
| http://secunia.com/advisories/20316 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18154 | vdb-entryx_refsource_BID |
Date Public
2006-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-getimage-xss(26862)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-getimage-xss(26862)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/index.php?topic=Security",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-getimage-xss(26862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862"
},
{
"name": "http://kapda.ir/advisory-336.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2699",
"datePublished": "2006-05-31T10:00:00.000Z",
"dateReserved": "2006-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:58:51.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2701 (GCVE-0-2006-2701)
Vulnerability from cvelistv5 – Published: 2006-05-31 10:00 – Updated: 2024-08-07 17:58
VLAI
Summary
SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/index.php?topic=Security | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/2050 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/20316 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-auth-libsecurity-sql-injection(26863)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26863"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-auth-libsecurity-sql-injection(26863)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26863"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/index.php?topic=Security",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "ADV-2006-2050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-auth-libsecurity-sql-injection(26863)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26863"
},
{
"name": "20316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2701",
"datePublished": "2006-05-31T10:00:00.000Z",
"dateReserved": "2006-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:58:51.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2700 (GCVE-0-2006-2700)
Vulnerability from cvelistv5 – Published: 2006-05-31 10:00 – Updated: 2024-08-07 17:58
VLAI
Summary
SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/index.php?topic=Security | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/993 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435295/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/2050 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://kapda.ir/advisory-336.html | x_refsource_MISC |
| http://secunia.com/advisories/20316 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18154 | vdb-entryx_refsource_BID |
Date Public
2006-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-auth-libsecurity-sql-injection(26863)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26863"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-auth-libsecurity-sql-injection(26863)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26863"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/index.php?topic=Security",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "geeklog-auth-libsecurity-sql-injection(26863)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26863"
},
{
"name": "http://kapda.ir/advisory-336.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "20316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2700",
"datePublished": "2006-05-31T10:00:00.000Z",
"dateReserved": "2006-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:58:51.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2698 (GCVE-0-2006-2698)
Vulnerability from cvelistv5 – Published: 2006-05-31 10:00 – Updated: 2024-08-07 17:58
VLAI
Summary
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/index.php?topic=Security | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/993 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/435295/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/2050 | vdb-entryx_refsource_VUPEN |
| http://kapda.ir/advisory-336.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/20316 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18154 | vdb-entryx_refsource_BID |
Date Public
2006-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:52.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "geeklog-multiple-path-disclosure(26864)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26864"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "geeklog-multiple-path-disclosure(26864)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26864"
},
{
"name": "20316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/index.php?topic=Security",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/index.php?topic=Security"
},
{
"name": "993",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/993"
},
{
"name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded"
},
{
"name": "ADV-2006-2050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2050"
},
{
"name": "http://kapda.ir/advisory-336.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-336.html"
},
{
"name": "geeklog-multiple-path-disclosure(26864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26864"
},
{
"name": "20316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20316"
},
{
"name": "18154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2698",
"datePublished": "2006-05-31T10:00:00.000Z",
"dateReserved": "2006-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:58:52.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1069 (GCVE-0-2006-1069)
Vulnerability from cvelistv5 – Published: 2006-03-07 23:00 – Updated: 2024-08-07 16:56
VLAI
Summary
Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/article.php/geeklog-1.4.0sr2 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/17010 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/0851 | vdb-entryx_refsource_VUPEN |
Date Public
2006-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2"
},
{
"name": "17010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17010"
},
{
"name": "ADV-2006-0851",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-05-02T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2"
},
{
"name": "17010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17010"
},
{
"name": "ADV-2006-0851",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr2"
},
{
"name": "17010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17010"
},
{
"name": "ADV-2006-0851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1069",
"datePublished": "2006-03-07T23:00:00.000Z",
"dateReserved": "2006-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0823 (GCVE-0-2006-0823)
Vulnerability from cvelistv5 – Published: 2006-02-21 23:00 – Updated: 2024-08-07 16:48
VLAI
Summary
Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0661 | vdb-entryx_refsource_VUPEN |
| http://www.geeklog.net/article.php/geeklog-1.4.0sr1 | x_refsource_CONFIRM |
| http://www.osvdb.org/23348 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/16755 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/425506/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/18920 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
Date Public
2006-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0661",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name": "23348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23348"
},
{
"name": "16755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name": "20060219 Geeklog Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name": "geeklog-users-sessions-sql-injection(24775)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24775"
},
{
"name": "18920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18920"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0661",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name": "23348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23348"
},
{
"name": "16755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name": "20060219 Geeklog Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name": "geeklog-users-sessions-sql-injection(24775)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24775"
},
{
"name": "18920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18920"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name": "23348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23348"
},
{
"name": "16755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name": "20060219 Geeklog Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name": "geeklog-users-sessions-sql-injection(24775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24775"
},
{
"name": "18920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18920"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0823",
"datePublished": "2006-02-21T23:00:00.000Z",
"dateReserved": "2006-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:48:56.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0824 (GCVE-0-2006-0824)
Vulnerability from cvelistv5 – Published: 2006-02-21 23:00 – Updated: 2024-08-07 16:48
VLAI
Summary
Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0661 | vdb-entryx_refsource_VUPEN |
| http://www.geeklog.net/article.php/geeklog-1.4.0sr1 | x_refsource_CONFIRM |
| http://www.osvdb.org/23349 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/16755 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/425506/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/18920 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
Date Public
2006-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0661",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name": "23349",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23349"
},
{
"name": "16755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name": "20060219 Geeklog Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name": "18920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18920"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0661",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name": "23349",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23349"
},
{
"name": "16755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name": "20060219 Geeklog Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name": "18920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18920"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0661"
},
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr1"
},
{
"name": "23349",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23349"
},
{
"name": "16755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16755"
},
{
"name": "20060219 Geeklog Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425506/100/0/threaded"
},
{
"name": "18920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18920"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00102-02192006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0824",
"datePublished": "2006-02-21T23:00:00.000Z",
"dateReserved": "2006-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:48:56.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4725 (GCVE-0-2005-4725)
Vulnerability from cvelistv5 – Published: 2006-02-20 20:00 – Updated: 2024-09-16 19:10
VLAI
Summary
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/article.php/geeklog-1.3.11sr3 | x_refsource_CONFIRM |
| http://www.geeklog.net/forum/viewtopic.php?showto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-02-20T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"name": "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457",
"refsource": "MISC",
"url": "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4725",
"datePublished": "2006-02-20T20:00:00.000Z",
"dateReserved": "2006-02-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:43.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4026 (GCVE-0-2005-4026)
Vulnerability from cvelistv5 – Published: 2005-12-05 11:00 – Updated: 2024-08-07 23:31
VLAI
Summary
search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/article.php/geeklog-1.3.11sr3 | x_refsource_CONFIRM |
| http://www.osvdb.org/21398 | vdb-entryx_refsource_OSVDB |
| http://pridels0.blogspot.com/2005/11/geeklog-14x-… | x_refsource_MISC |
Date Public
2005-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"name": "21398",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21398"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-02-21T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"name": "21398",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21398"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"name": "21398",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21398"
},
{
"name": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4026",
"datePublished": "2005-12-05T11:00:00.000Z",
"dateReserved": "2005-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2152 (GCVE-0-2005-2152)
Vulnerability from cvelistv5 – Published: 2005-07-06 04:00 – Updated: 2024-08-07 22:15
VLAI
Summary
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.geeklog.net/article.php/geeklog-1.3.11sr1 | x_refsource_CONFIRM |
| http://secunia.com/advisories/15914 | third-party-advisoryx_refsource_SECUNIA |
| http://www.hardened-php.net/advisory-062005.php | x_refsource_MISC |
| http://securitytracker.com/id?1014381 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr1"
},
{
"name": "15914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory-062005.php"
},
{
"name": "1014381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr1"
},
{
"name": "15914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory-062005.php"
},
{
"name": "1014381",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.3.11sr1",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr1"
},
{
"name": "15914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15914"
},
{
"name": "http://www.hardened-php.net/advisory-062005.php",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory-062005.php"
},
{
"name": "1014381",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2152",
"datePublished": "2005-07-06T04:00:00.000Z",
"dateReserved": "2005-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:15:37.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1917 (GCVE-0-2002-1917)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 16:42
VLAI
Summary
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/9639.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/5271 | vdb-entryx_refsource_BID |
| http://online.securityfocus.com/archive/1/283140 | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geeklog-email-crlf-injection(9639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9639.php"
},
{
"name": "5271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5271"
},
{
"name": "20020719 Geeklog XSS and CRLF Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/283140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the \"User Profile: Send Email\" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geeklog-email-crlf-injection(9639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9639.php"
},
{
"name": "5271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5271"
},
{
"name": "20020719 Geeklog XSS and CRLF Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/283140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the \"User Profile: Send Email\" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geeklog-email-crlf-injection(9639)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9639.php"
},
{
"name": "5271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5271"
},
{
"name": "20020719 Geeklog XSS and CRLF Injection",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/283140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1917",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T16:42:42.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0963 (GCVE-0-2002-0963)
Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
VLAI
Summary
SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://geeklog.sourceforge.net/article.php?story=… | x_refsource_CONFIRM |
| http://www.iss.net/security_center/static/9311.php | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/4968 | vdb-entryx_refsource_BID |
Date Public
2002-06-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:15.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149"
},
{
"name": "geeklog-sql-injection(9311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9311.php"
},
{
"name": "4968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149"
},
{
"name": "geeklog-sql-injection(9311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9311.php"
},
{
"name": "4968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4968"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html"
},
{
"name": "http://geeklog.sourceforge.net/article.php?story=20020610013358149",
"refsource": "CONFIRM",
"url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149"
},
{
"name": "geeklog-sql-injection(9311)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9311.php"
},
{
"name": "4968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4968"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0963",
"datePublished": "2002-08-31T04:00:00.000Z",
"dateReserved": "2002-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:12:15.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0962 (GCVE-0-2002-0962)
Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
VLAI
Summary
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/9310.php | vdb-entryx_refsource_XF |
| http://www.iss.net/security_center/static/9309.php | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://geeklog.sourceforge.net/article.php?story=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/4969 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/4974 | vdb-entryx_refsource_BID |
Date Public
2002-06-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geeklog-index-comment-xss(9310)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9310.php"
},
{
"name": "geeklog-calendar-event-xss(9309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9309.php"
},
{
"name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149"
},
{
"name": "4969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4969"
},
{
"name": "4974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geeklog-index-comment-xss(9310)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9310.php"
},
{
"name": "geeklog-calendar-event-xss(9309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9309.php"
},
{
"name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149"
},
{
"name": "4969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4969"
},
{
"name": "4974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geeklog-index-comment-xss(9310)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9310.php"
},
{
"name": "geeklog-calendar-event-xss(9309)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9309.php"
},
{
"name": "20020610 [ARL02-A13] Multiple Security Issues in GeekLog",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html"
},
{
"name": "http://geeklog.sourceforge.net/article.php?story=20020610013358149",
"refsource": "CONFIRM",
"url": "http://geeklog.sourceforge.net/article.php?story=20020610013358149"
},
{
"name": "4969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4969"
},
{
"name": "4974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0962",
"datePublished": "2002-08-31T04:00:00.000Z",
"dateReserved": "2002-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:12:16.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}