|
278161
|
- |
|
mmonit
|
m\/monit
|
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and…
|
CWE-255
Credentials Management
|
CVE-2014-6607
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278162
|
- |
|
mmonit
|
m\/monit
|
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the ful…
|
CWE-352
Origin Validation Error
|
CVE-2014-6409
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278163
|
- |
|
phpcompta
|
phpcompta\/noalyss
|
backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.
|
CWE-94
Code Injection
|
CVE-2014-6389
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278164
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspe…
|
CWE-352
Origin Validation Error
|
CVE-2014-6299
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278165
|
- |
|
mm_forum_project
|
mm_forum
|
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access…
|
CWE-94
Code Injection
|
CVE-2014-6298
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278166
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6297
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278167
|
- |
|
wec_map_project
|
wec_map
|
Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6296
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278168
|
- |
|
wec_map_project
|
wec_map
|
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-6295
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278169
|
- |
|
external_links_click_statistics_project
|
external_links_click_statistics
|
Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via uns…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6294
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278170
|
- |
|
kennziffer
|
statistics
|
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild i…
|
CWE-89
SQL Injection
|
CVE-2014-6293
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
