103 matches found
EUVD-2014-3584
Malware in sbrugna...
EUVD-2005-0659
Malware in sbrugna...
Joomla module mod_vvisit_counter SQL注入漏洞
Joomla module modvvisitcounter is a third-party extension module for Joomla! CMS by the individual developer Vinaora. A SQL injection vulnerability exists in Joomla module modvvisitcounter version v2.0.4j3, which stems from improper handling of the cipvvisitcounter cookie parameter, which could...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Monterey versions prior to 12.7.6 that stems from a third-party application extension that may not be properly sandboxed...
SUSE CVE-2015-7187
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via inline JavaScript code that is executed within a third-party extension...
SQL Injection in extension "Content Rating Extbase" (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" contentratingextbase is susceptible to SQL Injection. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.3 and below...
Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
It has been discovered that the extension "Maag Sendmail" maagsendmail is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 and below Vulnerabili...
SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" news is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 5.3.2 and below Vulnerability Type: SQL...
SQL Injection in extension "Event management and registration" (sf_event_mgt)
It has been discovered that the extension "Event management and registration" sfeventmgt is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.8.0 and below...
SQL Injection in extension "Member Infosheets" (if_membersheet)
It has been discovered that the extension "Member Infosheets" ifmembersheet is susceptible to SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.1.2 and below...
Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...
SQL Injection in extension "Events" (jp_events)
It has been discovered that the extension "Events" jpevents is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.0.2 and below Vulnerability Type: SQL...
SQL Injection in extension "GN Tactics Planner" (sf_gntactics)
It has been discovered that the extension "GN Tactics Planner" sfgntactics is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.2.8 and below...
Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...
Insecure Unserialize in extension "Page path" (pagepath)
It has been discovered that the extension "Page path" pagepath is susceptible to Insecure Unserialize. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.3 and below Vulnerability Type:...
Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)
It has been discovered that the extension "Static Methods since 2007" div2007 is susceptible to Cross-Site Scripting. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.6.8 and below...
Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)
It has been discovered that the extension "MMC directmail subscription" mmcdirectmailsubscription is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 0.9.6 an...
SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...
Multiple vulnerabilities in extension "Ajax mail subscription" (ods_ajaxmailsubscription)
It has been discovered that the extension "Ajax mail subscription" odsajaxmailsubscription is susceptible to Insecure Authentication and Session Handling. Release Date: March 24, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, insecure password generation in JavaScript. Release Date: March 10, 2016 Component Type: Third par...