8 matches found
CVE-2014-8874
The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
Design/Logic Flaw
The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
CVE-2014-8874
The CVE-2014-8874 entry relates to the TYPO3 extension ke_questionnaire (versions 2.5.2 and earlier). The vulnerability arises from predictable, easily guessable filenames for questionnaire answer files stored in publicly accessible locations, enabling remote attackers to disclose sensitive infor...
CVE-2014-8874
The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure Vulnerability
The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected. Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered...
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
Advisory: Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: kequestionnaire Affected Versions: 2.5.2...
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire
Advisory: Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: kequestionnaire Affected Versions: 2.5.2...
CVE-2010-4956
Cross-site scripting XSS vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...