53 matches found
CVE-2009-4159
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-16698
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user with restricted permissions to the fe_users table to view and export data of frontend users who are subscribed to a newsletter...
EUVD-2021-1454
Malware in sbrugna...
EUVD-2013-7164
Malware in sbrugna...
EUVD-2009-4129
Malware in sbrugna...
EUVD-2008-6428
Malware in sbrugna...
EUVD-2022-4262
Malicious code in bioql PyPI...
Arbitrary Code Execution
directmailteam/direct-mail is vulnerable to Arbitrary Code Execution. The vulnerability is due to the Configuration backend module of the extension which allows an authenticated user to write arbitrary TSConfig for folders configured as Direct Mail. This issue can be exploited by an attacker by...
Configuration Injection in extension "Direct Mail" (direct_mail)
The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below). A...
GHSA-P6XX-FHFW-7MJ7 Configuration Injection in extension "Direct Mail" (direct_mail)
The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below). A...
TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-011...
ITPison OMICARD EDM Code Issue Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from China-based ITPison. A code issue vulnerability exists in ITPison OMICARD EDM that stems from the file upload feature not restricting the upload of dangerous types of files...
The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes...
GHSA-4MH5-JJ5W-3F9Q The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes...
GHSA-7X6F-JVMG-6FGP TYPO3 Direct Mail Extension Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
TYPO3 Direct Mail Extension Vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Information Disclosure
directmailteam/direct-mail is vulnerable to information disclosure. The extension fails to check if an authenticated backend user has access to pages with newsletter subscriber data when using the "Special query" feature...
Open Redirection
directmailteam/direct-mail is vulnerable to open redirection. The package does not sanitize jumpUrl, allowing an attacker to redirect users to a malicious site...
Denial Of Service (DoS)
directmailteam/direct-mail is vulnerable to denial of service. An attacker is able to crash the system by requesting invalid or non-existing resources via HTTP which cause the system to call itself recursively...