CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2010-4875 79 1 XSS 2011-10-07 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.
452 CVE-2010-4874 79 2 XSS 2011-10-07 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
453 CVE-2010-4873 79 1 XSS 2011-10-07 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
454 CVE-2010-4872 89 2 Exec Code Sql 2011-10-07 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
455 CVE-2010-4871 2011-10-07 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename.
456 CVE-2010-4870 89 2 Exec Code Sql 2011-10-07 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
457 CVE-2010-4869 89 1 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.
458 CVE-2010-4868 79 1 XSS 2011-10-05 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
459 CVE-2010-4867 22 Dir. Trav. 2011-10-05 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.
460 CVE-2010-4866 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
461 CVE-2010-4865 89 1 Exec Code Sql 2011-10-05 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
462 CVE-2010-4864 89 1 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
463 CVE-2010-4863 79 1 XSS 2011-10-05 2018-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
464 CVE-2010-4862 89 1 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
465 CVE-2010-4861 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
466 CVE-2010-4860 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
467 CVE-2010-4859 89 1 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
468 CVE-2010-4858 22 2 Dir. Trav. 2011-10-05 2012-02-13
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
469 CVE-2010-4857 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
470 CVE-2010-4856 89 1 Exec Code Sql 2011-10-05 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
471 CVE-2010-4855 89 2 Exec Code Sql 2011-10-05 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
472 CVE-2010-4854 89 Exec Code Sql 2011-10-05 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action.
473 CVE-2010-4853 89 2 Exec Code Sql 2011-10-05 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
474 CVE-2010-0780 399 DoS 2011-10-29 2017-08-16
4.3
None Remote Medium Not required None None Partial
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.
475 CVE-2009-5103 79 1 XSS 2011-10-21 2012-05-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.
476 CVE-2009-5102 89 1 Exec Code Sql 2011-10-21 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
477 CVE-2009-2748 79 XSS 2011-10-30 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
478 CVE-2009-2747 264 +Info 2011-10-30 2017-08-16
5.0
None Remote Low Not required Partial None None
The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.
479 CVE-2009-0905 20 +Priv 2011-10-30 2017-08-16
1.7
None Local Low Single system None Partial None
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
480 CVE-2009-0900 119 Overflow +Priv 2011-10-30 2017-08-16
4.1
None Local Medium Single system Partial Partial Partial
Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
481 CVE-2008-7302 89 Exec Code Sql 2011-10-04 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
482 CVE-2008-7301 89 Exec Code Sql 2011-10-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
483 CVE-2008-7300 264 Bypass 2011-10-04 2012-05-14
8.5
None Remote Medium Single system Complete Complete Complete
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.
484 CVE-2000-1247 16 2011-10-04 2017-08-28
2.1
None Local Low Not required Partial None None
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
Total number of vulnerabilities : 484   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.