|
288011
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspe…
|
CWE-352
Origin Validation Error
|
CVE-2014-6299
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288012
|
- |
|
mm_forum_project
|
mm_forum
|
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access…
|
CWE-94
Code Injection
|
CVE-2014-6298
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288013
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6297
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288014
|
- |
|
wec_map_project
|
wec_map
|
Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6296
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288015
|
- |
|
wec_map_project
|
wec_map
|
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-6295
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288016
|
- |
|
external_links_click_statistics_project
|
external_links_click_statistics
|
Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via uns…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6294
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288017
|
- |
|
kennziffer
|
statistics
|
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild i…
|
CWE-89
SQL Injection
|
CVE-2014-6293
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288018
|
- |
|
in2code
|
femanager
|
The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-6292
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288019
|
- |
|
alphabetic_sitemap_project
|
alphabetic_sitemap
|
Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6291
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288020
|
- |
|
news_project
|
news
|
The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.
|
CWE-20
Improper Input Validation
|
CVE-2014-6290
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
