Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4957 | 2 Nadine Schwingler, Typo3 | 2 Ke Questionnaire, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4959 | 1 Preproject | 1 Pre Podcast Portal | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2010-4960 | 2 Martin Hesse, Typo3 | 2 Mh Branchenbuch, Typo3 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4961 | 2 Dev-team Typoheads, Typo3 | 2 Webkitpdf, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4962 | 2 Dev-team Typoheads, Typo3 | 2 Webkitpdf, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2010-4967 | 1 Atcom | 1 Netvolution | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | |||||
| CVE-2010-4971 | 2 Joomla, Videowhisper | 2 Joomla\!, Php 2 Way Video Chat | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. | |||||
| CVE-2010-4972 | 1 Ypninc | 1 Jokescript | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter. | |||||
| CVE-2010-4974 | 1 Brotherscripts | 1 Auto Dealer | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4975 | 2 Joomla, Techjoomla | 2 Joomla\!, Com Socialads | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php. | |||||
| CVE-2010-4976 | 1 Metinfo | 1 Metinfo | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4978 | 1 Nicholas Berry | 1 Candid | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter. | |||||
| CVE-2010-4979 | 1 Nicholas Berry | 1 Candid | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
| CVE-2010-4981 | 1 Yourfreeworld | 1 Banner Management | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4982 | 1 Mykazaam | 1 Address \& Contact Organizer | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter. | |||||
| CVE-2010-4984 | 1 Mykazaam | 1 Notes Management System | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box. | |||||
| CVE-2010-4985 | 1 Mykazaam | 1 Notes Management System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box. | |||||
| CVE-2010-4987 | 1 Kmsoft | 1 Guestbook | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2010-4988 | 1 Familycms | 1 Family Connections Who Is Chatting | 2017-08-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter. | |||||
| CVE-2010-4989 | 1 Farsi-cms | 1 Ziggurat Farsi Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter. | |||||
| CVE-2010-4990 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php. | |||||
| CVE-2010-4991 | 2 Joomla, Ninjaforge | 2 Joomla\!, Ninjamonials | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php. | |||||
| CVE-2010-4992 | 2 Joomla, Paymentsplus | 2 Joomla\!, Payments Plus | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. | |||||
| CVE-2010-4993 | 2 Joomla, Kay Messerschmidt | 2 Joomla\!, Com Eventcal | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2010-4994 | 2 Instantphp, Joomla | 2 Jobs Pro, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. | |||||
| CVE-2010-4995 | 2 Joomla, Neojoomla | 2 Joomla\!, Com Neorecruit | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506. | |||||
| CVE-2010-4996 | 1 Esoftpro | 1 Online Guestbook Pro | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2010-4999 | 1 Esoftpro | 1 Online Photo Pro | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
| CVE-2010-5001 | 1 Esoftpro | 1 Online Contact Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-5003 | 2 Autartica, Joomla | 2 Com Autartimonial, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5007 | 1 Ut-files | 1 Utstats | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter. | |||||
| CVE-2010-5009 | 1 Ut-files | 1 Utstats | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action. | |||||
| CVE-2010-5010 | 1 Schoolmation | 1 Schoolmation | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter. | |||||
| CVE-2010-5011 | 1 Schoolmation | 1 Schoolmation | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter. | |||||
| CVE-2010-5012 | 1 David Noguera Gutierrez | 1 Dalogin | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5013 | 1 Mckenziecreations | 1 Virtual Real Estate Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter. | |||||
| CVE-2010-5014 | 1 Eliteladders | 1 Elite Gaming Ladders | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter. | |||||
| CVE-2010-5015 | 1 2daybiz | 1 Network Community Script | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. | |||||
| CVE-2010-5016 | 1 Eliteladders | 1 Elite Gaming Ladders | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter. | |||||
| CVE-2010-5017 | 1 Eliteladders | 1 Elite Gaming Ladders | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter. | |||||
| CVE-2010-5021 | 1 Cramerdev | 1 Document Library | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter. | |||||
| CVE-2010-5023 | 1 Cramerdev | 1 Digital Interchange Calendar | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter. | |||||
| CVE-2010-5026 | 1 Sfiab | 1 Science Fair In A Box | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5027 | 1 Sfiab | 1 Science Fair In A Box | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5028 | 2 Harmistechnology, Joomla | 2 Com Jejob, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | |||||
| CVE-2010-5032 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfquiztrial | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. | |||||
| CVE-2010-5033 | 1 Fusebox | 1 Fusebox | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter. | |||||
| CVE-2010-5034 | 1 Iscripts | 1 Easybiller | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter. | |||||
| CVE-2010-5035 | 1 Iscripts | 1 Eswap | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5036 | 1 Iscripts | 1 Eswap | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||