CVE Tools

alexander palmo

Web & CMS Pluginsindividual-dev

12

Cumulative CVEs

10

Monthly snapshots

#38

Peak rank

Top products

simple php blog1

Latest CVEs

The 12 most recently published vulnerabilities affecting alexander palmo.

CVE-2011-5029Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete...4.3Dec 29, 2011
CVE-2009-4421Directory traversal vulnerability in languages_cgi.php in Simple PHP Blog 0.5.1 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the ...6.5Dec 24, 2009
CVE-2007-5072Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via c...4.3Sep 24, 2007
CVE-2007-5071Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP Blog before 0.5.1 allows remote attackers to upload dangerous files and execute arbitrary code, as demonstrated by a filename ...7.5Sep 24, 2007
CVE-2006-1243Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequence...7.5Mar 15, 2006
CVE-2005-3473Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) b...4.3Nov 3, 2005
CVE-2005-2787comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.5.0Sep 2, 2005
CVE-2005-2733upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.7.5Aug 29, 2005
CVE-2005-2192SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.5.0Jul 10, 2005
CVE-2005-1137Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.5.0Apr 16, 2005
CVE-2005-1135Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.4.3Apr 16, 2005
CVE-2005-0214Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.5.0Feb 6, 2005