258541
|
- |
|
typo3
|
typo3
|
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3946
|
2014-06-5 00:26 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258542
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remot…
|
CWE-287
Improper Authentication
|
CVE-2014-3945
|
2014-06-5 00:24 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258543
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-3944
|
2014-06-5 00:15 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258544
|
- |
|
trianglemicroworks
|
scada_data_gateway
|
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.
|
CWE-20
Improper Input Validation
|
CVE-2014-2343
|
2014-06-4 23:00 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258545
|
- |
|
alfresco
|
alfresco
|
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2939
|
2014-06-4 00:30 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258546
|
- |
|
ajaydsouza
|
contextual_related_posts
|
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-3937
|
2014-06-4 00:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258547
|
- |
|
redhat
|
openstack
|
The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid…
|
CWE-287
Improper Authentication
|
CVE-2013-6470
|
2014-06-4 00:00 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258548
|
- |
|
danielkorte
|
nodeaccesskeys
|
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4596
|
2014-06-3 23:49 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258549
|
- |
|
dleviet
|
datalife_engine
|
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
|
NVD-CWE-Other
|
CVE-2013-7387
|
2014-06-3 22:10 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258550
|
- |
|
dleviet
|
datalife_engine
|
Per: http://cwe.mitre.org/data/definitions/384.html
"CWE-384: Session Fixation"
|
NVD-CWE-Other
|
CVE-2013-7387
|
2014-06-3 22:10 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|