|
279391
|
- |
|
alex_kellner
|
powermail
|
Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3948
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279392
|
- |
|
ericom
|
accessnow_server
|
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3913
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279393
|
- |
|
freebsd
hp
fedoraproject
sendmail
|
freebsd
hpux
fedora
sendmail
|
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access uninte…
|
CWE-200
Information Exposure
|
CVE-2014-3956
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279394
|
- |
|
f5
|
big-ip_protocol_security_module
big-ip_advanced_firewall_manager
big-ip_edge_gateway
big-ip_local_traffic_manager
big-ip_wan_optimization_manager
big-ip_link_controller
big-ip_appli…
|
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3959
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279395
|
- |
|
typo3
|
typo3
|
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3946
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279396
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remot…
|
CWE-287
Improper Authentication
|
CVE-2014-3945
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279397
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-3944
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279398
|
- |
|
typo3
|
typo3
|
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3943
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279399
|
- |
|
typo3
|
typo3
|
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via …
|
CWE-94
Code Injection
|
CVE-2014-3942
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279400
|
- |
|
typo3
|
typo3
|
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, rela…
|
CWE-20
Improper Input Validation
|
CVE-2014-3941
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
