This page aggregates publicly disclosed CVE and security risk information related to leif_m._wright, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-0846 | Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function. | [email protected] | 4.3 | 1.18% | 2006-02-21 | 2026-06-16 |
| CVE-2006-0845 | Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | [email protected] | 6.5 | 1.26% | 2006-02-21 | 2026-06-16 |
| CVE-2006-0844 | Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | [email protected] | 7.5 | 1.64% | 2006-02-21 | 2026-06-16 |
| CVE-2006-0843 | Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | [email protected] | 5.0 | 1.39% | 2006-02-21 | 2026-06-16 |
| CVE-2005-1352 | Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | [email protected] | 4.3 | 1.42% | 2005-05-02 | 2026-06-16 |
| CVE-2005-1351 | The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | [email protected] | 7.5 | 2.63% | 2005-05-02 | 2026-06-16 |
| CVE-2005-1350 | The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | [email protected] | 5.0 | 1.70% | 2005-05-02 | 2026-06-16 |
| CVE-2004-2347 | blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests. | [email protected] | 7.5 | 9.87% | 2004-12-31 | 2026-06-16 |
| CVE-2004-2127 | Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. | [email protected] | 5.0 | 3.62% | 2004-01-20 | 2026-06-16 |
| CVE-2001-0025 | ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. | [email protected] | 10.0 | 12.27% | 2001-02-12 | 2026-06-16 |
| CVE-2001-0024 | simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter. | [email protected] | 10.0 | 5.45% | 2001-02-12 | 2026-06-16 |
| CVE-2001-0023 | everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | [email protected] | 10.0 | 14.39% | 2001-02-12 | 2026-06-16 |
| CVE-2001-0022 | simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. | [email protected] | 10.0 | 12.57% | 2001-02-12 | 2026-06-16 |