MidnightBSD

Advisories for gerrit_van_aaken

CVE-2006-0565 HIGH

PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
gerrit_van_aaken loudblog 0.1
gerrit_van_aaken loudblog 0.3
gerrit_van_aaken loudblog 0.2
gerrit_van_aaken loudblog *
CVE-2006-1113 MEDIUM

SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gerrit_van_aaken loudblog 0.41
CVE-2006-1114 MEDIUM

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gerrit_van_aaken loudblog 0.41
CVE-2006-3820 MEDIUM

Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gerrit_van_aaken loudblog 0.1
gerrit_van_aaken loudblog 0.41
gerrit_van_aaken loudblog 0.4
gerrit_van_aaken loudblog 0.3
gerrit_van_aaken loudblog 0.2