Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. Date published : 2010-07-22 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-07-22 http://typo3.org/extensions/repository/view/a21glossary_advanced_output/0.1.12/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2010-07-22 http://typo3.org/extensions/repository/view/locator/1.2.8/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-07-22 http://typo3.org/extensions/repository/view/locator/1.2.8/ http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/
SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. Date published : 2010-07-22 http://www.securityfocus.com/bid/34350 http://www.securityfocus.com/archive/1/502360/100/0/threaded
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action...
AdPeeps 8.5d1 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via requests to index.php. Date published : 2010-07-22 http://www.securityfocus.com/archive/1/503855/100/0/threaded http://www.securityfocus.com/archive/1/503911/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE:...
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin...
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items. Date published : 2010-07-22 http://holisticinfosec.org/content/view/115/45/ http://secunia.com/advisories/35173
Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter. Date published : 2010-07-22 http://holisticinfosec.org/content/view/115/45/ http://www.osvdb.org/54798
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. Date published : 2010-07-22 http://www.exploit-db.com/exploits/8829
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid...
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. Date published...