indoushka vulnerabilities and exploits

7.5
HIGH
CVE-2010-3205

PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter....

TextpatternTextpattern
4.3
MEDIUM
CVE-2007-1905

Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using...

Pineapple TechnologiesQuizshock
NA
CVE-2012-1913

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate...

5
MEDIUM
CVE-2018-15745

Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter....

ArgussurveillanceDvr
4.3
MEDIUM
CVE-2011-0642

Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details are obtained from third...

Network-13N-13 News
7.5
HIGH
CVE-2010-3422

SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php....

SolventusCom Jgen
6.8
MEDIUM
CVE-2012-5320

Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter....

SagemF@st 2604F@st 2604 Firmware
4.3
MEDIUM
CVE-2010-4976

Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information....

MetinfoMetinfo
7.5
HIGH
CVE-2010-4993

SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php....

Kay MesserschmidtCom Eventcal
7.5
HIGH
CVE-2010-4944

SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php....

JoomlaCom Elite Experts