Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dotclear Subscribe
Filtered by product Dotclear
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5651 1 Dotclear 1 Dotclear 2015-10-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5316 1 Dotclear 1 Dotclear 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
CVE-2014-3782 1 Dotclear 1 Dotclear 2014-06-12 6.0 MEDIUM N/A
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
CVE-2014-3781 1 Dotclear 1 Dotclear 2014-06-12 5.8 MEDIUM N/A
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
CVE-2014-1613 1 Dotclear 1 Dotclear 2014-05-16 7.5 HIGH N/A
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/_public.php.
CVE-2011-1584 1 Dotclear 1 Dotclear 2012-04-26 6.5 MEDIUM N/A
The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-5083 1 Dotclear 1 Dotclear 2012-03-20 7.5 HIGH N/A
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2007-3672 1 Dotclear 1 Dotclear 2008-11-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
CVE-2005-3957 1 Dotclear 1 Dotclear 2008-09-05 10.0 HIGH N/A
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.