Page 7 of 39 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en Random Prayer (ste_prayer) v0.0.1 para TYPO3 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores desconocidos. • http://osvdb.org/46391 http://typo3.org/teams/security/security-bulletins/typo3-20080619-1 http://www.securityfocus.com/bid/29827 https://exchange.xforce.ibmcloud.com/vulnerabilities/43209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección de SQL en la extensión Random Prayer 2 (ste_prayer2) para TYPO3 antes de la versión 0.0.3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/48280 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1 http://www.securityfocus.com/bid/31264 https://exchange.xforce.ibmcloud.com/vulnerabilities/45264 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección de SQL en la extensión Diocese of Portsmouth Church Search (pd_churchsearch) para TYPO3, en las versiones anteriores a la 0.1.1 y 0.2.X antes de 0.2.10, permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/48279 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1 http://www.securityfocus.com/bid/31260 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0

Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Pebble anterior a v2.3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/33888 http://sourceforge.net/forum/forum.php?forum_id=917656 http://sourceforge.net/project/shownotes.php?release_id=660130 http://www.securityfocus.com/bid/33733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters. Múltiples vulnerabilidades de secuencias de sitios cruzados (XSS) en admin_panel.php de la extensión Simon Elvery WP-Footnotes 2.2 para WordPress permiten a atacantes remoros inyectar web script o HTML de su elección a través de los parámetros (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], y (4) wp_footnotes_current_settings[post_footnotes]. • https://www.exploit-db.com/exploits/31092 http://secunia.com/advisories/28772 http://securityreason.com/securityalert/3634 http://www.securityfocus.com/archive/1/487430/100/0/threaded http://www.securityfocus.com/bid/27572 https://exchange.xforce.ibmcloud.com/vulnerabilities/40218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •