|
256821
|
- |
|
external_links_click_statistics_project
|
external_links_click_statistics
|
Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via uns…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6294
|
2014-10-7 02:46 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256822
|
- |
|
wec_map_project
|
wec_map
|
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-6295
|
2014-10-7 02:46 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256823
|
- |
|
wec_map_project
|
wec_map
|
Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6296
|
2014-10-7 02:46 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256824
|
- |
|
kennziffer
|
statistics
|
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild i…
|
CWE-89
SQL Injection
|
CVE-2014-6293
|
2014-10-7 02:39 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256825
|
- |
|
daniel_lienert
michael_knoll
|
yet_another_gallery
tools_for_extbase_developmen
|
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6289
|
2014-10-7 02:22 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256826
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6297
|
2014-10-7 02:09 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256827
|
- |
|
mm_forum_project
|
mm_forum
|
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access…
|
CWE-94
Code Injection
|
CVE-2014-6298
|
2014-10-7 02:09 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256828
|
- |
|
news_project
|
news
|
The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.
|
CWE-20
Improper Input Validation
|
CVE-2014-6290
|
2014-10-7 01:26 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256829
|
- |
|
maher_zain_project
|
maher_zain
|
The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-310
Cryptographic Issues
|
CVE-2014-6705
|
2014-10-5 09:15 |
2014-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256830
|
- |
|
sportinginnovations
|
utah_jazz
|
The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai…
|
CWE-310
Cryptographic Issues
|
CVE-2014-6704
|
2014-10-5 09:14 |
2014-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
