| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-0843 | 5.0 |
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.
|
20-07-2017 - 01:30 | 22-02-2006 - 02:02 | |
| CVE-2006-0844 | 7.5 |
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.
|
20-07-2017 - 01:30 | 22-02-2006 - 02:02 | |
| CVE-2006-0845 | 6.5 |
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname.
|
20-07-2017 - 01:30 | 22-02-2006 - 02:02 | |
| CVE-2006-0846 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when
|
20-07-2017 - 01:30 | 22-02-2006 - 02:02 |