SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2009-03-13 http://www.securityfocus.com/bid/31264 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2009-03-13 http://www.securityfocus.com/bid/31254 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2009-03-13 http://www.securityfocus.com/bid/31239 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published :...
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2009-03-13 http://www.securityfocus.com/bid/31258 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2009-03-13 http://www.securityfocus.com/bid/31261 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote attackers to hijack web sessions via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information....
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action. Date published : 2009-03-13 http://www.securityfocus.com/bid/31282 https://www.exploit-db.com/exploits/6511
Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. Date published : 2009-03-13 http://www.securityfocus.com/bid/31299 https://www.exploit-db.com/exploits/6520
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2009-03-13 http://www.securityfocus.com/bid/31277 https://www.exploit-db.com/exploits/6504
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509. Date published : 2009-03-13 http://www.securityfocus.com/bid/31274 https://www.exploit-db.com/exploits/6505
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and...
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the default_language parameter. Date published : 2009-03-12 http://www.securityfocus.com/bid/34029 https://www.exploit-db.com/exploits/8168
Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3)...