Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - TYPO3 Core: six vulnerabilities

September 2015 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3.

Impacted products: Debian, TYPO3 Core.

Severity: 2/4.

Creation date: 02/07/2015.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in TYPO3.

An attacker authorized to change metadata of its own files can
also do it to files that should be unreachable. [severity:1/4;
TYPO3-CORE-SA-2015-002]

An attacker can define the session identifier of another user, for
instance to change its privileges. [severity:2/4;
TYPO3-CORE-SA-2015-003]

An attacker can trigger a Cross Site Scripting in page titles, in
order to execute JavaScript code in the context of the web site.
[severity:2/4; TYPO3-CORE-SA-2015-004]

An attacker can list the content of the install root folder of
TYPO3. [severity:1/4; TYPO3-CORE-SA-2015-005]

An attacker can use a special request to bypass the wait between 2
authentication attempts. [severity:1/4; TYPO3-CORE-SA-2015-006]

An attacker can trigger a Cross Site Scripting in the embedded
library Flowplayer, in order to execute JavaScript code in the
context of the web site. [severity:1/4; TYPO3-CORE-SA-2015-007]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/TYPO3-Core-six-vulnerabilities-17293


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts