Jigal Van Hemert

**Name of the Vulnerable Software and Affected Versions** powermail extension versions 2.0.0 through 2.0.10 **Description** The issue allows remote attackers to bypass the CAPTCHA protection mechanism. **Recommendations** For powermail extension versions 2.0.0 through 2.0.10, update to version 2.0.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CoolURI (cooluri) versions 1.0.11 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For CoolURI (cooluri) versions 1.0.11 and earlier, update to a version later than 1.0.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JobControl (dmmjobcontrol) version 1.15.0 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For JobControl (dmmjobcontrol) version 1.15.0 and earlier, update to a version later than 1.15.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** dmmjobcontrol versions 1.15.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 1.15.0 and earlier, update to a version later than 1.15.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** nepa-design.de Spam Protection (nd antispam) extension version 1.0.3 **Description** The issue allows remote attackers to modify configuration via unknown vectors. **Recommendations** For nepa-design.de Spam Protection (nd antispam) extension version 1.0.3, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Diocese of Portsmouth Training Courses (pd trainingcourses) extension version 0.1.1 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For version 0.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension air filemanager versions 0.6.1 and earlier **Description** The issue allows remote attackers to execute arbitrary commands. The exact vectors used for the attack are not specified. **Recommendations** For versions 0.6.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Random Prayer (ste prayer) version 0.0.1 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For version 0.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fussballtippspiel (toto) versions 0.1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.1 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TARGET-E WorldCup Bets (worldcup) versions 2.0.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 2.0.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TARGET-E WorldCup Bets (worldcup) versions 2.0.0 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unknown vectors, potentially affecting the security of the system. **Recommendations** For versions 2.0.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Download system (sb downloader) extension versions 0.1.4 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.4 and earlier, update to a version later than 0.1.4 to resolve the issue.