Export limit exceeded: 364053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364053 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6290 | 1 News Project | 1 News | 2025-04-12 | N/A |
| The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. | ||||
| CVE-2014-6291 | 1 Alphabetic Sitemap Project | 1 Alphabetic Sitemap | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6292 | 1 In2code | 1 Femanager | 2025-04-12 | N/A |
| The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors. | ||||
| CVE-2014-6293 | 1 Kennziffer | 1 Statistics | 2025-04-12 | N/A |
| SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. | ||||
| CVE-2014-6294 | 1 External Links Click Statistics Project | 1 External Links Click Statistics | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6295 | 1 Wec Map Project | 1 Wec Map | 2025-04-12 | N/A |
| SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-6296 | 1 Wec Map Project | 1 Wec Map | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6297 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6298 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2014-6299 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors. | ||||
| CVE-2014-6300 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. | ||||
| CVE-2014-6301 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-6302 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | N/A |
| The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-6303 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | N/A |
| The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||
| CVE-2014-6304 | 1 Pnmsoft | 1 Sequence Kinetics | 2025-04-12 | N/A |
| The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | ||||
| CVE-2014-6308 | 1 Osclass | 1 Osclass | 2025-04-12 | N/A |
| Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. | ||||
| CVE-2014-6312 | 1 Login Widget With Shortcode Project | 1 Login Widget With Shortcode | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php. | ||||
| CVE-2014-6313 | 1 Woothemes | 1 Woocommerce Plugin | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php. | ||||
| CVE-2014-6315 | 1 Photo Gallery Plugin Project | 1 Photo Gallery Plugin | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php. | ||||
| CVE-2014-6316 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php. | ||||