| Max CVSS | 7.8 | Min CVSS | 5.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-2698 | 7.8 |
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. This vulnerability is addressed in the followi
|
18-10-2018 - 16:41 | 31-05-2006 - 10:06 | |
| CVE-2006-2699 | 6.8 |
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. This vulnerability is addressed in the following product
|
18-10-2018 - 16:41 | 31-05-2006 - 10:06 | |
| CVE-2006-2700 | 5.1 |
SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. Successful exploitation requires that "magic_quotes_gpc
|
18-10-2018 - 16:41 | 31-05-2006 - 10:06 |