3Nitro

#10566of 53,622
26.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2006-2149
6.8
2006-03-09
D2K · D2Kblog · CVE-2006-1122
**Name of the Vulnerable Software and Affected Versions** D2KBlog versions 1.0.3 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `msg` parameter in the Default.asp file. **Recommendations** For D2KBlog versions 1.0.3 and earlier, as a temporary workaround, consider restricting access to the Default.asp file until a patch is available. Avoid using the `msg` parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-2150
10
2006-03-09
D2Kblog · D2Kblog · CVE-2006-1123
**Name of the Vulnerable Software and Affected Versions** D2KBlog versions 1.0.3 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `memName` parameter in a cookie. **Recommendations** For D2KBlog versions 1.0.3 and earlier, consider restricting access to the `memName` parameter in cookies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2005-1965
5.0
2005-03-30
Ublog · Ublog Reload · CVE-2005-0938
**Name of the Vulnerable Software and Affected Versions** Ublog Reload versions 1.0 through 1.0.4 **Description** The issue allows remote attackers to read usernames and hashed passwords by making a direct request to the `ublogreload.mdb` file, which is stored under the web root. **Recommendations** For versions 1.0 through 1.0.4, consider restricting access to the `ublogreload.mdb` file to prevent unauthorized reading of sensitive data.
PT-2005-1952
4.3
2005-03-29
Ublog · Ublog Reload · CVE-2005-0925
**Name of the Vulnerable Software and Affected Versions** Ublog Reload versions 1.0 through 1.0.4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `msg` parameter in the "login.asp" page. **Recommendations** For Ublog Reload versions 1.0 through 1.0.4, avoid using the `msg` parameter in the login.asp page until a fix is available. Consider restricting access to the login.asp page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.