CVE Daily
← All years

All CVEs — 2011

Page 4/22.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2011-11-09
Critical

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2011-3652

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and applic…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remo…

CVSS: 9.3 CWE: CWE-119
Read more
Low

CVE-2011-3649

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, a…

CVSS: 2.6 CWE: CWE-200
Read more
Medium

CVE-2011-3648

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script o…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2011-3647

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it ea…

CVSS: 9.3 CWE: CWE-20
Read more
2011-11-08
Critical

CVE-2011-4000

Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2011-2449

The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-2448

The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnera…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-2447

Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-2446

The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnera…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-2014

The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and…

CVSS: 9.0 CWE: CWE-287
Read more
High

CVE-2011-2004

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via…

CVSS: 7.1 CWE: CWE-20
Read more
Low

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…

CVSS: 1.2 CWE: CWE-20
Read more
2011-11-04
High

CVE-2011-4066

SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2011-3989

SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2011-3616

The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.

CVSS: 6.3 CWE: CWE-59
Read more
Medium

CVE-2011-3594

The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (cr…

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2011-3581

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Re…

CVSS: 6.8 CWE: CWE-119
Read more
High

CVE-2011-3330

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 an…

CVSS: 7.2 CWE: CWE-119
Read more
Low

CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote serve…

CVSS: 3.6 CWE: CWE-22
Read more
High

CVE-2011-1513

Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code…

CVSS: 7.5 CWE: CWE-78
Read more
2011-11-03
Medium

CVE-2011-4277

Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-3994

Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0…

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2011-3992

Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows r…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2011-3986

Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-4102

Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of…

CVSS: 4.3 CWE: CWE-119
Read more
High

CVE-2011-3379

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging pot…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2011-4274

Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-4273

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2011-4005

Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.2…

CVSS: 9.3 CWE: CWE-352
Read more
Medium

CVE-2011-2676

The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote aut…

CVSS: 5.5 CWE: CWE-287
Read more
2011-11-02
Medium

CVE-2010-5045

Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote attackers to inject arbitrary web script or HTML via the catid parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-5044

SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQ…

CVSS: 6.0 CWE: CWE-89
Read more
Medium

CVE-2010-5043

SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editI…

CVSS: 6.0 CWE: CWE-89
Read more
Medium

CVE-2010-5042

Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5041

SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5040

PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2010-5039

SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5038

PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2010-5037

SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5036

SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5035

Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NO…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5034

SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5033

SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5032

SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial acti…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5031

Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 allows remote attackers to inject arbitrary web script or HTML via the sstring parameter (aka the Search Box). NOTE: some of the…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-5030

Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter in a web action.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5029

SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5028

SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to inde…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5027

Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE:…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-5026

SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these deta…

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2010-5025

Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of t…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2010-5024

SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter…

CVSS: 6.0 CWE: CWE-89
Read more
High

CVE-2010-5023

SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5022

SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5021

SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5020

SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5019

SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5018

Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid paramet…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5017

SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5016

SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5015

SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5014

SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5013

SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5012

SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third pa…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5011

SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5010

Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5009

SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5008

SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5007

Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5006

SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5005

Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5004

SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-5000

SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4998

PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore para…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2010-4997

SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-4971

Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-4075

The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine act…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2011-4074

Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2011-3320

Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTM…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2011-1919

Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2011-1918

Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service…

CVSS: 10.0 CWE: CWE-119
Read more
2011-11-01
High

CVE-2010-5003

SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-5002

Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-5001

SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4999

SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4996

SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4995

SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action t…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4994

SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4993

SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4992

SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4991

SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to inde…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4990

SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact acti…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4989

SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4988

PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TM…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2010-4987

SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4986

SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-4985

Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Nu…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4984

SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text b…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4983

SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4982

SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4981

SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtaine…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4980

SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4979

SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-4978

Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4977

SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-4976

Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE:…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4975

SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4974

SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2010-4973

Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provena…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2010-4972

SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4970

SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4969

SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2010-4968

SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2011-4215

SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variabl…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2011-4214

OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.

CVSS: 10.0 CWE: CWE-287
Read more
Medium

CVE-2011-4064

Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2011-1915

SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more