EUVD-2022-5281

Malicious code in bioql PyPI...

GHSA-V4VM-GJ2X-6QHM DCE extension for Typo3 Discloses Environment Information

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

CVE-2022-24979

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes ESI content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference IDOR,...

CVE-2022-24979

The CVE-2022-24979 vulnerability affects the Varnishcache extension for TYPO3 (before 2.0.1). The Edge Site Includes (ESI) content element renderer does not perform an access check, enabling an unauthenticated user to render various content elements and potentially access internal content (IDOR)....

Insecure direct object reference in extension "Varnishcache" (varnishcache)

The Edge Site Includes ESI content element renderer component of the extension does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference IDOR with the potential of exposing internal content elements...

CVE-2014-8328

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

Default configuration

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

CVE-2014-8328

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

CVE-2014-8328

The CVE-2014-8328 issue affects the TYPO3 Dynamic Content Elements (dce) extension prior to version 0.11.5. The vulnerability arises from the extension’s update check functionality, which could disclose sensitive installation environment information to remote attackers. The in-scope detail confir...

Information Disclosure vulnerability in Dynamic Content Elements (dce)

It has been discovered that the extension "Dynamic Content Elements" dce is susceptible to Information Disclosure. Release Date: October 17, 2014 Bulletin Update: October 18, 2014 added CVE Component Type: Third party extension. This extension is not a part of the TYPO3 default installation...