|
347111
|
- |
|
freestyle
|
faqs_lite
|
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq actio…
|
CWE-89
SQL Injection
|
CVE-2010-1529
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347112
|
- |
|
redcomponent
|
com_redshop
|
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2010-1531
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347113
|
- |
|
joomla.batjo
|
com_shoutbox
|
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2010-1534
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347114
|
- |
|
francois_bissonnette
|
phpcdb
|
Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_global parameter to (1) first…
|
CWE-22
Path Traversal
|
CVE-2010-1537
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347115
|
- |
|
bluestrikeweb
|
phpraincheck
|
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2010-1538
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347116
|
- |
|
john_vandyk
|
workflow
|
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users t…
|
CWE-79
Cross-site Scripting
|
CVE-2010-1539
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347117
|
- |
|
etracker
|
etracker
|
Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2010-1543
|
2017-08-17 10:32 |
2010-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347118
|
- |
|
chaos_tool_suite_project
|
ctools
|
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page m…
|
CWE-94
Code Injection
|
CVE-2010-1546
|
2017-08-17 10:32 |
2010-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347119
|
- |
|
chaos_tool_suite_project
|
ctools
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrat…
|
CWE-352
Origin Validation Error
|
CVE-2010-1547
|
2017-08-17 10:32 |
2010-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347120
|
- |
|
chaos_tool_suite_project
|
ctools
|
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-1548
|
2017-08-17 10:32 |
2010-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
