indoushka vulnerabilities and exploits

6.8
CVSSv2
CVE-2009-3219

Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter....

The-ghostAr Web Content Manager
4.3
CVSSv2
CVE-2007-1905

Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using...

Pineapple TechnologiesQuizshock
NA
CVE-2012-1913

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate...

5
CVSSv2
CVE-2018-15745

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter....

ArgussurveillanceDvr
7.5
CVSSv2
CVE-2010-3422

SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php....

SolventusCom Jgen
4.3
CVSSv2
CVE-2011-0642

Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third...

Network-13N-13 News
6.8
CVSSv2
CVE-2012-5320

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter....

SagemF@st 2604F@st 2604 Firmware
4.3
CVSSv2
CVE-2010-4976

Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information....

Metinfo
7.5
CVSSv2
CVE-2010-4993

SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php....

Kay MesserschmidtCom Eventcal
6.8
CVSSv2
CVE-2018-17980

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan...

Nomachine