Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-22 | CVE-2009-4650 | SQL Injection vulnerability in Onnogroen COM Webeecomment 1.1.1/1.2/2.0: SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. | 7.5 |
2010-02-22 | CVE-2010-0676 | Path Traversal vulnerability in Weberr COM Rwcards 3.0.18: Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. | 5.0 |
2010-02-22 | CVE-2010-0675 | Cross-Site Scripting vulnerability in Bgsvetionik BGS CMS 2.2.1: Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. | 4.3 |
2010-02-22 | CVE-2010-0674 | Permissions, Privileges, and Access Controls vulnerability in 2Enetworx Statcountex 3.1: StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. | 5.0 |
2010-02-22 | CVE-2010-0673 | SQL Injection vulnerability in Copperleaf Photolog 0.16: SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
2010-02-22 | CVE-2010-0672 | SQL Injection vulnerability in Webmastersite WSN Guest 1.02: SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter. | 7.5 |
2010-02-22 | CVE-2010-0671 | SQL Injection vulnerability in Michalin KR Media Pogodny CMS: SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action. | 7.5 |
2010-02-22 | CVE-2009-4649 | Cross-Site Scripting vulnerability in Geccbblite 0.1: Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php. | 4.3 |
2010-02-22 | CVE-2010-0670 | Information Exposure vulnerability in Iptechinside COM Jquarks 0.2.2: Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. | 5.0 |
2010-02-22 | CVE-2010-0286 | Security Bypass vulnerability in Typo3 4.3.0: Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. | 5.1 |