8 matches found
CVE-2014-8874
The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
Design/Logic Flaw
The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
CVE-2014-8874
The CVE-2014-8874 entry relates to the TYPO3 extension ke_questionnaire (versions 2.5.2 and earlier). The vulnerability arises from predictable, easily guessable filenames for questionnaire answer files stored in publicly accessible locations, enabling remote attackers to disclose sensitive infor...
CVE-2014-8874
The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure Vulnerability
The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected. Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered...
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire
Advisory: Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: kequestionnaire Affected Versions: 2.5.2...
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
Advisory: Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: kequestionnaire Affected Versions: 2.5.2...
CVE-2010-4956
Cross-site scripting XSS vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...