Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-01-15 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-01-15 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/ http://typo3.org/extensions/repository/view/jf_easymaps/1.0.3/
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript." Date published :...
Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-01-15 http://typo3.org/extensions/repository/view/cs2_unitconv/1.0.5/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490. Date...
Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-01-15 http://typo3.org/extensions/repository/view/devlog/2.9.2/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. Date published : 2010-01-15 http://typo3.org/extensions/repository/view/sb_folderdownload/0.2.3/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-01-15 http://typo3.org/extensions/repository/view/ref_list/1.0.2/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. Date published : 2010-01-15 http://typo3.org/extensions/repository/view/goof_fotoboek/1.7.15/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-01-15 http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/ http://typo3.org/extensions/repository/view/mk_anydropdownmenu/0.4.0/info/ChangeLog/
Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. Date published : 2010-01-15 http://www.securityfocus.com/bid/37701 http://www.exploit-db.com/exploits/11073
Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter. Date published : 2010-01-15 http://www.exploit-db.com/exploits/11108 http://packetstormsecurity.org/1001-exploits/glittercentral-xss.txt
Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third...
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow...