270671
|
- |
|
pordus
|
pd_portal
|
PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-0977
|
2010-03-17 13:00 |
2010-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270672
|
- |
|
obsession-design
|
image-gallery
|
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2010-0979
|
2010-03-17 13:00 |
2010-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270673
|
- |
|
robert_heel
|
cwt_resetbepassword
|
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4710
|
2010-03-17 13:00 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270674
|
- |
|
alexandre_amaral
|
xoops_celepar
|
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4714
|
2010-03-17 13:00 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270675
|
- |
|
gonafish
|
webstatcaffe
|
SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this inform…
|
CWE-89
SQL Injection
|
CVE-2009-4718
|
2010-03-17 06:43 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270676
|
- |
|
yuri_d\'elia
|
dl
|
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invali…
|
CWE-79
Cross-site Scripting
|
CVE-2010-0963
|
2010-03-17 04:00 |
2010-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270677
|
- |
|
dirk_maiwert
|
datamints_newsticker
|
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4709
|
2010-03-17 00:03 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270678
|
- |
|
liviu_mitrofan
|
myth_download
|
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4701
|
2010-03-16 13:00 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270679
|
- |
|
markus_barchfeld
|
pm_tour
|
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4702
|
2010-03-16 13:00 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270680
|
- |
|
typo3
|
ws_gallery
|
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2009-4703
|
2010-03-16 13:00 |
2010-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|