Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes...
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained...
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828. Date published : 2008-12-31 http://www.securityfocus.com/bid/32161...
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. Date published : 2008-12-31 http://www.securityfocus.com/bid/32198 https://www.exploit-db.com/exploits/7050
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third...
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. Date published : 2008-12-31 http://www.securityfocus.com/bid/32197 https://www.exploit-db.com/exploits/7048
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32234 http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32237 http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32237...
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32231 http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32230 http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32228 http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-12-31 http://www.securityfocus.com/bid/32228...
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. Date published : 2008-12-31 http://www.securityfocus.com/bid/32158 https://www.exploit-db.com/exploits/7022