Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-09 | CVE-2010-4952 | SQL Injection vulnerability in Joachim Ruhs Festat 0.1.6/0.1.8/0.1.9 SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-10-09 | CVE-2010-4951 | Cross-Site Scripting vulnerability in Thomas Mammitzsch VX Xajax Shoutbox Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-09 | CVE-2010-4950 | SQL Injection vulnerability in Joachim Ruhs Event SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-10-09 | CVE-2010-4949 | Cross-Site Scripting vulnerability in Evnix Freichat and Freichatpure Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window. | 4.3 |
2011-10-09 | CVE-2010-4948 | Code Injection vulnerability in PHPgalleryscript PHP Free Photo Gallery PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 7.5 |
2011-10-09 | CVE-2010-4947 | Cross-Site Scripting vulnerability in Allpcscript Allpc 2.5 Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 4.3 |
2011-10-09 | CVE-2010-4946 | SQL Injection vulnerability in Allpcscript Allpc 2.5 SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | 7.5 |
2011-10-09 | CVE-2010-4945 | SQL Injection vulnerability in Joomla COM Camelcitydb2 2.2 SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
2011-10-09 | CVE-2010-4944 | SQL Injection vulnerability in Joomla COM Elite Experts SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. | 7.5 |
2011-10-09 | CVE-2010-4943 | Code Injection vulnerability in Brothersoft Saurus CMS 4.7.0 Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. | 7.5 |