|
280221
|
- |
|
typo3
|
typo3
|
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3946
|
2024-11-21 11:09 |
2014-06-3 |
|
280222
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remot…
|
CWE-287
Improper Authentication
|
CVE-2014-3945
|
2024-11-21 11:09 |
2014-06-3 |
|
280223
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-3944
|
2024-11-21 11:09 |
2014-06-3 |
|
280224
|
- |
|
typo3
|
typo3
|
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3943
|
2024-11-21 11:09 |
2014-06-3 |
|
280225
|
- |
|
typo3
|
typo3
|
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via …
|
CWE-94
Code Injection
|
CVE-2014-3942
|
2024-11-21 11:09 |
2014-06-3 |
|
280226
|
- |
|
typo3
|
typo3
|
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, rela…
|
CWE-20
Improper Input Validation
|
CVE-2014-3941
|
2024-11-21 11:09 |
2014-06-3 |
|
280227
|
- |
|
ajaydsouza
|
contextual_related_posts
|
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-3937
|
2024-11-21 11:09 |
2014-06-3 |
|
280228
|
- |
|
dlink
|
dir505_shareport_mobile_companion_firmware dir505_shareport_mobile_companion dir505l_shareport_mobile_companion_firmware dir-505l_shareport_mobile_companion dsp-w215_firmware dsp-w215
|
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3936
|
2024-11-21 11:09 |
2014-06-2 |
|
280229
|
- |
|
xoops
|
glossaire_module
|
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
|
CWE-89
SQL Injection
|
CVE-2014-3935
|
2024-11-21 11:09 |
2014-06-2 |
|
280230
|
- |
|
phpnuke
|
php-nuke submit_news_module
|
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
|
CWE-89
SQL Injection
|
CVE-2014-3934
|
2024-11-21 11:09 |
2014-06-2 |