2 results (0.011 seconds)

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. La extensión 'Front End User Registration' (sr_feuser_register) antes de v2.6.2 para TYPO3 permite a atacantes remotos obtener nombres de usuario y contraseñas a través de las funcionalidad de (1) editar Perspectivas o (2) inicio de sesión automático ('autologin'). • http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/80145 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. La extensión Frontend User Registration (sr_feuser_register) v.2.5.20 y anteriores para TYPO3, no comprueba adecuadamente los permisos de acceso, esto permite a usuarios autenticados en remoto obtener información sensible como contraseñas a través de vectores de ataque desconocidos. • http://osvdb.org/53278 http://secunia.com/advisories/34586 http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004 http://www.securityfocus.com/bid/34374 http://www.vupen.com/english/advisories/2009/0938 • CWE-264: Permissions, Privileges, and Access Controls •