Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2011-04-27 CVE-2010-4796 SQL Injection vulnerability in PHPyun 1.1.6
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php.
network
low complexity
phpyun CWE-89
7.5

2011-04-27 CVE-2010-4795 SQL Injection vulnerability in Joomlaseller COM Jscalendar 1.5.1/1.5.4
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php.
network
low complexity
joomlaseller joomla CWE-89
7.5

2011-04-27 CVE-2010-4794 Cross-Site Scripting vulnerability in Joomlaseller COM Jscalendar 1.5.1/1.5.4
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php.
4.3

2011-04-27 CVE-2010-4793 SQL Injection vulnerability in Site2Nite Auto E-Manager
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
network
low complexity
site2nite CWE-89
7.5

2011-04-27 CVE-2010-4792 Cross-Site Scripting vulnerability in Openit Overlook 5.0
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
network
openit CWE-79
4.3

2011-04-27 CVE-2010-4791 SQL Injection vulnerability in Marcusg MG User Fotoalbum Panel 1.0.1
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
network
low complexity
marcusg php-fusion CWE-89
7.5

2011-04-27 CVE-2010-4790 Path Traversal vulnerability in In-Mediakg Filterftp 2.0.3/2.0.5
Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
network
in-mediakg CWE-22
5.8

2011-04-27 CVE-2010-3260 Permissions, Privileges, and Access Controls vulnerability in Orbeon Forms
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue.
network
low complexity
orbeon CWE-264
6.4

2011-04-27 CVE-2010-2789 Code Injection vulnerability in Mediawiki 1.16
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
network
mediawiki CWE-94
6.8

2011-04-27 CVE-2010-2788 Cross-Site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
network
high complexity
mediawiki CWE-79
2.6