Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2008-10-22 CVE-2008-4656 SQL Injection vulnerability in Typo3 Frontend Users View 0.1.2/0.1.3
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2008-10-22 CVE-2008-4655 SQL Injection vulnerability in Typo3 Simplesurvey
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2008-10-22 CVE-2008-4653 SQL Injection vulnerability in Xoops Makale 0.26
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
xoops CWE-89
7.5
2008-10-22 CVE-2008-4652 Buffer Errors vulnerability in Dart Powertcp FTP for Activex 2.0.2.0
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2.0 allows remote attackers to execute arbitrary code via a long SecretKey property.
network
dart CWE-119
critical
9.3
2008-10-22 CVE-2008-4651 SQL Injection vulnerability in Jetbox CMS 2.1
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
network
jetbox CWE-89
6.0
2008-10-22 CVE-2008-4650 SQL Injection vulnerability in Mywebland Myevent 1.6
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
network
low complexity
mywebland CWE-89
7.5
2008-10-22 CVE-2008-4649 Improper Authentication vulnerability in Elxis CMS 2008.1
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
network
low complexity
elxis CWE-287
7.5
2008-10-22 CVE-2008-4648 Cross-Site Scripting vulnerability in Elxis CMS 2008.1
Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters.
network
elxis CWE-79
4.3
2008-10-22 CVE-2008-4647 SQL Injection vulnerability in Sweetcms 1.5.2
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
network
low complexity
sweetcms CWE-89
7.5
2008-10-22 CVE-2008-4646 Credentials Management vulnerability in Websense Enterprise 6.3.2
The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.
local
low complexity
websense CWE-255
2.1