Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-04-10 | CVE-2011-1667 | SQL Injection vulnerability in Xmedien Anzeigenmarkt 2011 | SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action. | 7.5 |
2011-04-10 | CVE-2011-1666 | Information Exposure vulnerability in Metaways Tine 2.0 | Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path. | 5.0 |
2011-04-10 | CVE-2011-1665 | Permissions, Privileges, and Access Controls vulnerability in PHPboost 3.0 | PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/. | 5.0 |
2011-04-10 | CVE-2011-1664 | Cross-Site Request Forgery (CSRF) vulnerability in Icanlocalize Translation Management | Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2011-04-10 | CVE-2011-1663 | SQL Injection vulnerability in Icanlocalize Translation Management | SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-04-10 | CVE-2011-1662 | Cross-Site Scripting vulnerability in Icanlocalize Translation Management | Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-04-10 | CVE-2011-1661 | Permissions, Privileges, and Access Controls vulnerability in Nicholas Thompson Node Quick Find 6.X1.1 | The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature. | 5.0 |
2011-04-10 | CVE-2011-1660 | Cross-Site Scripting vulnerability in Grapecity Data Dynamics Reports | Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx. | 4.3 |
2011-04-10 | CVE-2011-0466 | Permissions, Privileges, and Access Controls vulnerability in Novell Opensuse Build Service | The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. | 6.4 |
2011-04-10 | CVE-2011-0462 | Cross-Site Scripting vulnerability in Novell Opensuse Build Service | Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |