|
282631
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-3944
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282632
|
- |
|
typo3
|
typo3
|
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3943
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282633
|
- |
|
typo3
|
typo3
|
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via …
|
CWE-94
Code Injection
|
CVE-2014-3942
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282634
|
- |
|
typo3
|
typo3
|
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, rela…
|
CWE-20
Improper Input Validation
|
CVE-2014-3941
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282635
|
- |
|
ajaydsouza
|
contextual_related_posts
|
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-3937
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282636
|
- |
|
dlink
|
dir505_shareport_mobile_companion_firmware
dir505_shareport_mobile_companion
dir505l_shareport_mobile_companion_firmware
dir-505l_shareport_mobile_companion
dsp-w215_firmware
dsp-w215
|
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3936
|
2024-11-21 11:09 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282637
|
- |
|
xoops
|
glossaire_module
|
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
|
CWE-89
SQL Injection
|
CVE-2014-3935
|
2024-11-21 11:09 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282638
|
- |
|
phpnuke
|
php-nuke
submit_news_module
|
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
|
CWE-89
SQL Injection
|
CVE-2014-3934
|
2024-11-21 11:09 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282639
|
- |
|
newsignature
|
addressfield_tokens
|
Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3933
|
2024-11-21 11:09 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282640
|
- |
|
cososys
|
endpoint_protector
|
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands vi…
|
CWE-89
SQL Injection
|
CVE-2014-3932
|
2024-11-21 11:09 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
