Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - TYPO3 Extensions: multiple vulnerabilities

October 2013 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3 extensions.

- Impacted products: TYPO3 Extensions
- Severity: 2/4
- Creation date: 25/09/2013

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in TYPO3 extensions.

An attacker can unserialize data in booking, in order to execute code. [severity:2/4]

An unknown vulnerability was announced in ics_awstats. [severity:2/4; CVE-2012-4547]

An attacker can use a SQL injection in Simple Image Gallery, in order to read or alter data. [severity:2/4]

An attacker can use a SQL injection in Ratsinformationssystem, in order to read or alter data. [severity:2/4; BID-62672]

An attacker can use a SQL injection in Frontend User Registration, in order to read or alter data. [severity:2/4; BID-62671]

An unknown vulnerability was announced in meta_beawstatsind. [severity:2/4]

An attacker can bypass the authentication in Powermail double opt-in, in order to escalate his privileges. [severity:2/4]

An attacker can trigger a Cross Site Scripting in smarty, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-62673]

An attacker can trigger a Cross Site Scripting in Youtube Channel Videos, in order to execute JavaScript code in the context of the web site. [severity:2/4]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/T...




See previous articles

    

See next articles