CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2011

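Each entry below spans four lines, with fields in this order:
Line 1: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date
Line 2: Score
Line 3: Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
Line 4: Description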
1 CVE-2010-4945 89 3 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
2 CVE-2010-4959 89 2 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
3 CVE-2010-4955 89 2 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
4 CVE-2010-4954 89 2 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
5 CVE-2010-4942 89 2 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.
6 CVE-2010-4940 89 2 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2010-4933 89 2 Exec Code Sql 2011-10-09 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
8 CVE-2010-4928 79 2 XSS 2011-10-09 2012-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
9 CVE-2010-4927 89 2 Exec Code Sql 2011-10-09 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
10 CVE-2010-4926 89 2 Exec Code Sql 2011-10-09 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
11 CVE-2010-4925 89 2 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2010-4921 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
13 CVE-2010-4918 94 2 Exec Code File Inclusion 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
14 CVE-2010-4917 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
15 CVE-2010-4916 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
16 CVE-2010-4915 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
17 CVE-2010-4913 79 2 XSS 2011-10-08 2012-02-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information.
18 CVE-2010-4912 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
19 CVE-2010-4911 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter.
20 CVE-2010-4910 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
21 CVE-2010-4902 89 2 Exec Code Sql 2011-10-08 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
22 CVE-2010-4895 79 2 XSS 2011-10-08 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.
23 CVE-2010-4894 89 2 Exec Code Sql 2011-10-08 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
24 CVE-2010-4884 94 2 Exec Code File Inclusion 2011-10-07 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
25 CVE-2010-4874 79 2 XSS 2011-10-07 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
26 CVE-2010-4872 89 2 Exec Code Sql 2011-10-07 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
27 CVE-2010-4870 89 2 Exec Code Sql 2011-10-07 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
28 CVE-2010-4866 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
29 CVE-2010-4861 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
30 CVE-2010-4860 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
31 CVE-2010-4858 22 2 Dir. Trav. 2011-10-05 2012-02-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
32 CVE-2010-4857 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
33 CVE-2010-4855 89 2 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
34 CVE-2010-4853 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
35 CVE-2011-4062 119 1 DoS Overflow +Priv 2011-10-17 2011-12-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
36 CVE-2011-4026 89 1 Exec Code Sql 2011-10-21 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
37 CVE-2011-4024 79 1 XSS 2011-10-21 2017-12-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
38 CVE-2011-3981 94 1 Exec Code File Inclusion 2011-10-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
39 CVE-2011-3976 119 1 Exec Code Overflow 2011-10-04 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
40 CVE-2011-3368 20 1 2011-10-05 2018-01-08
5.0
None Remote Low Not required Partial None None
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
41 CVE-2011-2443 119 1 DoS Exec Code Overflow Mem. Corr. 2011-10-04 2012-02-13
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296.
42 CVE-2010-4967 89 1 Exec Code Sql 2011-10-21 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.
43 CVE-2010-4963 89 1 Exec Code Sql 2011-10-09 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
44 CVE-2010-4958 89 1 Exec Code Sql 2011-10-09 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
45 CVE-2010-4948 94 1 Exec Code File Inclusion 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
46 CVE-2010-4947 79 1 XSS 2011-10-09 2012-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
47 CVE-2010-4946 89 1 Exec Code Sql 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
48 CVE-2010-4944 89 1 Exec Code Sql 2011-10-09 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
49 CVE-2010-4943 94 1 Exec Code File Inclusion 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
50 CVE-2010-4941 89 1 Exec Code Sql 2011-10-09 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
Total number of vulnerabilities: 484 (page 1 of 10)