IDCVSSSummaryLast (major) updatePublished
CVE-2006-2522 7.5
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
20-07-2017 - 01:31 22-05-2006 - 22:02
CVE-2006-5183 7.5
Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php sc
17-10-2018 - 21:41 10-10-2006 - 04:06
CVE-2007-0150 7.5
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
16-10-2018 - 16:31 09-01-2007 - 18:28
CVE-2007-1525 6.8
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
11-10-2017 - 01:31 20-03-2007 - 20:19
CVE-2008-3564 7.5
Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can
29-09-2017 - 01:31 10-08-2008 - 20:41
Back to Top Mark selected
Back to Top