CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1247 16 2011-10-04 2017-08-28
2.1
None Local Low Not required Partial None None
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
2 CVE-2008-7300 264 Bypass 2011-10-04 2012-05-14
8.5
None Remote Medium Single system Complete Complete Complete
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.
3 CVE-2008-7301 89 Exec Code Sql 2011-10-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
4 CVE-2008-7302 89 Exec Code Sql 2011-10-04 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
5 CVE-2009-0900 119 Overflow +Priv 2011-10-30 2017-08-16
4.1
None Local Medium Single system Partial Partial Partial
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
6 CVE-2009-0905 20 +Priv 2011-10-30 2017-08-16
1.7
None Local Low Single system None Partial None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
7 CVE-2009-2747 264 +Info 2011-10-30 2017-08-16
5.0
None Remote Low Not required Partial None None
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
8 CVE-2009-2748 79 XSS 2011-10-30 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2009-5102 89 1 Exec Code Sql 2011-10-21 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
10 CVE-2009-5103 79 1 XSS 2011-10-21 2012-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
11 CVE-2010-0780 399 DoS 2011-10-29 2017-08-16
4.3
None Remote Medium Not required None None Partial
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
12 CVE-2010-4853 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
13 CVE-2010-4854 89 Exec Code Sql 2011-10-05 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action.
14 CVE-2010-4855 89 2 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
15 CVE-2010-4856 89 1 Exec Code Sql 2011-10-05 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
16 CVE-2010-4857 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
17 CVE-2010-4858 22 2 Dir. Trav. 2011-10-05 2012-02-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
18 CVE-2010-4859 89 1 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
19 CVE-2010-4860 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
20 CVE-2010-4861 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
21 CVE-2010-4862 89 1 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
22 CVE-2010-4863 79 1 XSS 2011-10-05 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
23 CVE-2010-4864 89 1 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
24 CVE-2010-4865 89 1 Exec Code Sql 2011-10-05 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
25 CVE-2010-4866 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
26 CVE-2010-4867 22 Dir. Trav. 2011-10-05 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.
27 CVE-2010-4868 79 1 XSS 2011-10-05 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
28 CVE-2010-4869 89 1 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.
29 CVE-2010-4870 89 2 Exec Code Sql 2011-10-07 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
30 CVE-2010-4871 2011-10-07 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename.
31 CVE-2010-4872 89 2 Exec Code Sql 2011-10-07 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
32 CVE-2010-4873 79 1 XSS 2011-10-07 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
33 CVE-2010-4874 79 2 XSS 2011-10-07 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
34 CVE-2010-4875 79 1 XSS 2011-10-07 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
35 CVE-2010-4876 89 1 Exec Code Sql 2011-10-07 2017-11-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.
36 CVE-2010-4877 79 1 XSS 2011-10-07 2012-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
37 CVE-2010-4878 94 1 Exec Code File Inclusion 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
38 CVE-2010-4879 94 1 Exec Code File Inclusion 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
39 CVE-2010-4880 79 1 XSS 2011-10-07 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
40 CVE-2010-4881 352 1 CSRF 2011-10-07 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
41 CVE-2010-4882 79 XSS 2011-10-07 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1.6 allows remote attackers to inject arbitrary web script or HTML via the sitetitle parameter.
42 CVE-2010-4883 79 1 XSS 2011-10-07 2017-08-28
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.
43 CVE-2010-4884 94 2 Exec Code File Inclusion 2011-10-07 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
44 CVE-2010-4885 79 XSS 2011-10-07 2012-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
45 CVE-2010-4886 79 XSS 2011-10-07 2012-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
46 CVE-2010-4887 89 Exec Code Sql 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
47 CVE-2010-4888 89 Exec Code Sql 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
48 CVE-2010-4889 Exec Code 2011-10-07 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
49 CVE-2010-4890 79 XSS 2011-10-07 2012-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
50 CVE-2010-4891 89 Exec Code Sql 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 484   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.