Skip to main content
CVE-2014-6298 HIGH PATCH This Week

Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload Mm Forum
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2014-3947 HIGH PATCH This Week

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection File Upload Powermail
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-6290 HIGH PATCH This Week

The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Deserialization News
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-6295 HIGH PATCH This Week

SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Wec Map
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-6293 HIGH This Week

SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Statistics
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-6289 HIGH PATCH This Week

The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Yet Another Gallery Tools For Extbase Developmen
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2014-6288 HIGH PATCH This Week

The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Powermail
NVD
CVSS 2.0
7.5
EPSS
0.1%
CVE-2014-4809 HIGH PATCH This Week

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

IBM Denial Of Service Security Access Manager For Web 8 0 Firmware Security Access Manager For Web Appliance Security Access Manager For Web 7 0 Firmware
NVD
CVSS 2.0
7.1
EPSS
0.9%
CVE-2014-5410 HIGH This Week

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Rockwell Denial Of Service Ab Micrologix Controller
NVD GitHub
CVSS 2.0
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy