RSS   Vulnerabilities for 'D2kblog'   RSS

2006-03-09
 
CVE-2006-1123

CWE-Other
 

 
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.

 
 
CVE-2006-1122

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top