103 matches found
EUVD-2005-0659
Malware in sbrugna...
EUVD-2014-3584
Malware in sbrugna...
Joomla module mod_vvisit_counter SQL注入漏洞
Joomla module modvvisitcounter is a third-party extension module for Joomla! CMS by the individual developer Vinaora. A SQL injection vulnerability exists in Joomla module modvvisitcounter version v2.0.4j3, which stems from improper handling of the cipvvisitcounter cookie parameter, which could...
Apple macOS 安全漏洞
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Monterey versions prior to 12.7.6 that stems from a third-party application extension that may not be properly sandboxed...
SUSE CVE-2015-7187
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via inline JavaScript code that is executed within a third-party extension...
Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
It has been discovered that the extension "Maag Sendmail" maagsendmail is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 and below Vulnerabili...
SQL Injection in extension "Content Rating Extbase" (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" contentratingextbase is susceptible to SQL Injection. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.3 and below...
SQL Injection in extension "Event management and registration" (sf_event_mgt)
It has been discovered that the extension "Event management and registration" sfeventmgt is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.8.0 and below...
SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" news is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 5.3.2 and below Vulnerability Type: SQL...
SQL Injection in extension "Member Infosheets" (if_membersheet)
It has been discovered that the extension "Member Infosheets" ifmembersheet is susceptible to SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.1.2 and below...
Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...
SQL Injection in extension "GN Tactics Planner" (sf_gntactics)
It has been discovered that the extension "GN Tactics Planner" sfgntactics is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.2.8 and below...
SQL Injection in extension "Events" (jp_events)
It has been discovered that the extension "Events" jpevents is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.0.2 and below Vulnerability Type: SQL...
Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...
Insecure Unserialize in extension "Page path" (pagepath)
It has been discovered that the extension "Page path" pagepath is susceptible to Insecure Unserialize. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.3 and below Vulnerability Type:...
Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)
It has been discovered that the extension "MMC directmail subscription" mmcdirectmailsubscription is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 0.9.6 an...
Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)
It has been discovered that the extension "Static Methods since 2007" div2007 is susceptible to Cross-Site Scripting. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.6.8 and below...
SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
It has been discovered that the extension "Browser - TYPO3 without PHP" browser is susceptible to SQL Injection. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.4.8 and below Vulnerabili...
Multiple vulnerabilities in extension "Ajax mail subscription" (ods_ajaxmailsubscription)
It has been discovered that the extension "Ajax mail subscription" odsajaxmailsubscription is susceptible to Insecure Authentication and Session Handling. Release Date: March 24, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...
SQL Injection in extension "Another simple gallery" (chgallery)
It has been discovered that the extension "Another simple gallery" chgallery is susceptible to SQL Injection. Release Date: March 10, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.3 and below Vulnerabilit...