
CVE-2014-8874 – TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
https://notcve.org/view.php?id=CVE-2014-8874
01 Dec 2014 — The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. The TYPO3 extension ke_questionnaire stores answered que... • https://packetstorm.news/files/id/129339 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-6293
https://notcve.org/view.php?id=CVE-2014-6293
03 Oct 2014 — SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014. • http://typo3.org/extensions/repository/view/ke_stats • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-6235 – TYPO3 Extension ke DomPDF - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-6235
11 Sep 2014 — Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for ... • https://packetstorm.news/files/id/129338

CVE-2013-5302
https://notcve.org/view.php?id=CVE-2013-5302
16 Aug 2013 — SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://osvdb.org/95959 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-5307
https://notcve.org/view.php?id=CVE-2013-5307
16 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/95960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')