Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. Date published :...
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file...
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified...
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML...
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. Date published : 2012-05-21 http://www.exploit-db.com/exploits/18845 https://exchange.xforce.ibmcloud.com/vulnerabilities/75501
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. Date published : 2012-05-21 http://www.securityfocus.com/bid/53472 http://www.exploit-db.com/exploits/18858
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter. Date published : 2012-05-21 http://www.securityfocus.com/bid/53472 http://www.exploit-db.com/exploits/18858
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. Date published...
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document. Date published :...
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php....
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. Date published : 2012-05-21 http://www.securityfocus.com/bid/53448 http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. Date published : 2012-05-21 http://www.securityfocus.com/bid/53448 http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to...