Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-23 | CVE-2010-0693 | SQL Injection vulnerability in Commodityrentals Trade Manager Script SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2010-02-23 | CVE-2010-0692 | SQL Injection vulnerability in Iptechinside COM Jquarks 0.2.2/0.2.3 SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
2010-02-23 | CVE-2010-0691 | SQL Injection vulnerability in Jtl-Software Jtl-Shop 2 SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter. | 7.5 |
2010-02-23 | CVE-2010-0690 | SQL Injection vulnerability in Commodityrentals Video Games Rentals SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action. | 7.5 |
2010-02-22 | CVE-2010-0681 | Permissions, Privileges, and Access Controls vulnerability in Zeuscms 0.2 ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | 5.0 |
2010-02-22 | CVE-2010-0680 | Path Traversal vulnerability in Zeuscms 0.2 Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | 7.5 |
2010-02-22 | CVE-2010-0679 | Buffer Errors vulnerability in Hyleos Chemview 1.9.5.1 Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods. | 9.3 |
2010-02-22 | CVE-2010-0678 | Code Injection vulnerability in Katalog.Hurricane Katalog Stron Hurricane 1.3.5 PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter. | 6.8 |
2010-02-22 | CVE-2010-0677 | SQL Injection vulnerability in Katalog.Hurricane Katalog Stron Hurricane 1.3.5 SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter. | 7.5 |
2010-02-22 | CVE-2009-4651 | Cross-Site Scripting vulnerability in Onnogroen COM Webeecomment 1.1.1/1.2/2.0 Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors. | 4.3 |