CVE-2013-7400
https://notcve.org/view.php?id=CVE-2013-7400
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
• http://www.openwall.com/lists/oss-security/2014/09/11/4 https://extensions.typo3.org/extension/direct_mail https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-4159
https://notcve.org/view.php?id=CVE-2009-4159
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
• http://secunia.com/advisories/37552 http://typo3.org/extensions/repository/view/direct_mail/2.6.5 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-018 http://www.securityfocus.com/bid/37166
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')