Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5651 | 1 Dotclear | 1 Dotclear | 2015-10-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-5316 | 1 Dotclear | 1 Dotclear | 2015-09-08 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page. | |||||
CVE-2014-3782 | 1 Dotclear | 1 Dotclear | 2014-06-12 | 6.0 MEDIUM | N/A |
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension. | |||||
CVE-2014-3781 | 1 Dotclear | 1 Dotclear | 2014-06-12 | 5.8 MEDIUM | N/A |
The dcXmlRpc::setUser method in inc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | |||||
CVE-2014-1613 | 1 Dotclear | 1 Dotclear | 2014-05-16 | 7.5 HIGH | N/A |
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php. | |||||
CVE-2011-1584 | 1 Dotclear | 1 Dotclear | 2012-04-26 | 6.5 MEDIUM | N/A |
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-5083 | 1 Dotclear | 1 Dotclear | 2012-03-20 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2007-3672 | 1 Dotclear | 1 Dotclear | 2008-11-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page. | |||||
CVE-2005-3957 | 1 Dotclear | 1 Dotclear | 2008-09-05 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. |