| 355801 | 6.8 | MEDIUM | phpkobo | short_url | Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … | CWE-22 Path Traversal | CVE-2010-1060 | 2010-03-24 13:00 | 2010-03-24 |
| 355802 | 6.8 | MEDIUM | phpkobo | free_real_estate_contact_form_script | Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via … | CWE-22 Path Traversal | CVE-2010-1063 | 2010-03-24 13:00 | 2010-03-24 |
| 355803 | 7.5 | HIGH | entrylevelcms | el_cms | SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter. | CWE-89 SQL Injection | CVE-2010-1075 | 2010-03-24 13:00 | 2010-03-24 |
| 355804 | 7.5 | HIGH | ryan_marshall | rostermain | Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters. | CWE-89 SQL Injection | CVE-2010-1046 | 2010-03-23 22:53 | 2010-03-23 |
| 355805 | 7.5 | HIGH | jaxcms | jaxcms | Directory traversal vulnerability in index.php in jaxCMS 1.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | CWE-22 Path Traversal | CVE-2010-1043 | 2010-03-23 13:00 | 2010-03-23 |
| 355806 | 7.5 | HIGH | design-cars | com_productbook | SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index… | CWE-89 SQL Injection | CVE-2010-1045 | 2010-03-23 13:00 | 2010-03-23 |
| 355807 | 4.3 | MEDIUM | uiga | business_portal | Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) i… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1048 | 2010-03-23 13:00 | 2010-03-23 |
| 355808 | 7.5 | HIGH | alexandre_dubus | audistat | SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter. | CWE-89 SQL Injection | CVE-2010-1050 | 2010-03-23 13:00 | 2010-03-23 |
| 355809 | 7.5 | HIGH | alexandre_dubus | audistat | Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this i… | CWE-89 SQL Injection | CVE-2010-1051 | 2010-03-23 13:00 | 2010-03-23 |
| 355810 | 4.3 | MEDIUM | alexandre_dubus | audistat | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the pro… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1052 | 2010-03-23 13:00 | 2010-03-23 |
| 355811 | 7.5 | HIGH | marcus_krause | t3sec_saltedpw | The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | CWE-287 Improper Authentication | CVE-2010-1022 | 2010-03-23 02:17 | 2010-03-20 |
| 355812 | 4.3 | MEDIUM | sk-typo3 | sk_simplegallery | Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified … | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1020 | 2010-03-23 01:58 | 2010-03-20 |
| 355813 | 7.5 | HIGH | mathias_schreiber | nf_cleandb | SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1012 | 2010-03-23 00:04 | 2010-03-20 |
| 355814 | 4.3 | MEDIUM | viewvc | viewvc | Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTM… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-0736 | 2010-03-22 13:00 | 2010-03-20 |
| 355815 | 7.5 | HIGH | mischa_heimann | yatse | SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1004 | 2010-03-22 13:00 | 2010-03-20 |
| 355816 | 4.3 | MEDIUM | mischa_heimann | yatse | Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1005 | 2010-03-22 13:00 | 2010-03-20 |
| 355817 | 7.5 | HIGH | typo3 | brainstorming | SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1006 | 2010-03-22 13:00 | 2010-03-20 |
| 355818 | 5.0 | MEDIUM | chi_hoang | ch_lightem | Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | CWE-200 Information Exposure | CVE-2010-1007 | 2010-03-22 13:00 | 2010-03-20 |
| 355819 | 4.3 | MEDIUM | christian_hennecke | chsellector | Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unsp… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1008 | 2010-03-22 13:00 | 2010-03-20 |
| 355820 | 7.5 | HIGH | joachim-ruhs | educator | SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1009 | 2010-03-22 13:00 | 2010-03-20 |
| 355821 | 7.5 | HIGH | matthias_kall | mk_wastebasket | SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1010 | 2010-03-22 13:00 | 2010-03-20 |
| 355822 | 4.3 | MEDIUM | steffen_kamper | reports_logview | Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspeci… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1014 | 2010-03-22 13:00 | 2010-03-20 |
| 355823 | 7.5 | HIGH | laurent_foulloy | sav_filter_selectors | SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1016 | 2010-03-22 13:00 | 2010-03-20 |
| 355824 | 7.5 | HIGH | laurent_foulloy | sav_filter_months | SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1017 | 2010-03-22 13:00 | 2010-03-20 |
| 355825 | 7.5 | HIGH | jochen_rau | sk_bookreview | SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1018 | 2010-03-22 13:00 | 2010-03-20 |
| 355826 | 7.5 | HIGH | sk-typo3 | sk_simplegallery | SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2010-1019 | 2010-03-22 13:00 | 2010-03-20 |
| 355827 | 4.3 | MEDIUM | mads_brunn | t3quixplorer | Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting (XSS) | CVE-2010-1021 | 2010-03-22 13:00 | 2010-03-20 |
| 355828 | 7.2 | HIGH | gnome | screensaver | gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate … | NVD-CWE-Other | CVE-2009-4642 | 2010-03-22 13:00 | 2010-02-12 |
| 355829 | 7.5 | HIGH | dmanager | documentmanager | Unspecified vulnerability in DocumentManager before 4.0 has unknown impact and attack vectors, related to file rights. | NVD-CWE-noinfo | CVE-2010-0612 | 2010-03-18 13:00 | 2010-02-12 |
| 355830 | 4.6 | MEDIUM | citrix | xenserver | Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors. | NVD-CWE-noinfo | CVE-2010-0633 | 2010-03-18 13:00 | 2010-02-13 |
| 355831 | 4.3 | MEDIUM | joomlamo | com_cartweberp | Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to in… | CWE-22 Path Traversal | CVE-2010-0982 | 2010-03-18 03:44 | 2010-03-17 |
| 355832 | 6.8 | MEDIUM | dzcp | dev\!l\'z_clanportal | PHP remote file inclusion vulnerability in inc/config.php in deV!L`z Clanportal (DZCP) 1.5.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the … | CWE-94 Code Injection | CVE-2010-0966 | 2010-03-17 22:27 | 2010-03-17 |
| 355833 | 7.5 | HIGH | geekhelps | admp | SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter. | CWE-89 SQL Injection | CVE-2010-0968 | 2010-03-17 13:00 | 2010-03-17 |
| 355834 | 5.0 | MEDIUM | pordus | pd_portal | PD PORTAL 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2010-0977 | 2010-03-17 13:00 | 2010-03-17 |
| 355835 | 4.3 | MEDIUM | obsession-design | image-gallery | Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | CWE-79 Cross-site Scripting (XSS) | CVE-2010-0979 | 2010-03-17 13:00 | 2010-03-17 |
| 355836 | 7.5 | HIGH | robert_heel | cwt_resetbepassword | SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-4710 | 2010-03-17 13:00 | 2010-03-16 |
| 355837 | 4.3 | MEDIUM | alexandre_amaral | xoops_celepar | Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php. | CWE-79 Cross-site Scripting (XSS) | CVE-2009-4714 | 2010-03-17 13:00 | 2010-03-16 |
| 355838 | 7.5 | HIGH | gonafish | webstatcaffe | SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this inform… | CWE-89 SQL Injection | CVE-2009-4718 | 2010-03-17 06:43 | 2010-03-16 |
| 355839 | 4.3 | MEDIUM | yuri_d\'elia | dl | Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invali… | CWE-79 Cross-site Scripting (XSS) | CVE-2010-0963 | 2010-03-17 04:00 | 2010-03-17 |
| 355840 | 7.5 | HIGH | dirk_maiwert | datamints_newsticker | SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-4709 | 2010-03-17 00:03 | 2010-03-16 |
| 355841 | 7.5 | HIGH | liviu_mitrofan | myth_download | SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-4701 | 2010-03-16 13:00 | 2010-03-16 |
| 355842 | 7.5 | HIGH | markus_barchfeld | pm_tour | SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-4702 | 2010-03-16 13:00 | 2010-03-16 |
| 355843 | 7.5 | HIGH | typo3 | ws_gallery | SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2009-4703 | 2010-03-16 13:00 | 2010-03-16 |
| 355844 | 5.0 | MEDIUM | typo3 | ws_ecard | Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | NVD-CWE-noinfo | CVE-2009-4704 | 2010-03-16 13:00 | 2010-03-16 |
| 355845 | 4.3 | MEDIUM | thomas_loeffler | twittersearch | Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting (XSS) | CVE-2009-4705 | 2010-03-16 13:00 | 2010-03-16 |
| 355846 | 4.3 | MEDIUM | sebastian_winterhalder | mailform | Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting (XSS) | CVE-2009-4706 | 2010-03-16 13:00 | 2010-03-16 |
| 355847 | 4.3 | MEDIUM | maximo_cuadros | gb_fenewssubmit | Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or… | CWE-79 Cross-site Scripting (XSS) | CVE-2009-4707 | 2010-03-16 13:00 | 2010-03-16 |
| 355848 | 7.5 | HIGH | maximo_cuadros | gb_fenewssubmit | SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecif… | CWE-89 SQL Injection | CVE-2009-4708 | 2010-03-16 13:00 | 2010-03-16 |
| 355849 | 7.5 | HIGH | jan_bednarik | cooluri | SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability tha… | CWE-89 SQL Injection | CVE-2009-4711 | 2010-03-16 13:00 | 2010-03-16 |
| 355850 | 7.5 | HIGH | tukanas | easyclassifieds_script | SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter. | CWE-89 SQL Injection | CVE-2009-4712 | 2010-03-16 13:00 | 2010-03-16 |