5 matches found
Arbitrary file Upload in extension "Yet Another Gallery" (yag)
The extension contains the 3rd party component “Uploadify”, which includes a demo script for uploading files with the file extensions “jpg”, “jpeg”, “gif” and “png” to the server. Also, a demo script is present, which allows to check for the existence of a given filename...
CVE-2014-6289
The Ajax dispatcher for Extbase in the Yet Another Gallery yag extension before 3.0.1 and Tools for Extbase development ptextbase extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
Authentication flaw
The Ajax dispatcher for Extbase in the Yet Another Gallery yag extension before 3.0.1 and Tools for Extbase development ptextbase extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
CVE-2014-6289
The CVE-2014-6289 issue affects TYPO3 extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase). The Ajax dispatcher for Extbase in yag (<=3.0.0) and pt_extbase (
Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)
It has been discovered that the extensions "Yet Another Gallery" yag and "Tools for Extbase development" ptextbase are susceptible to Access Bypass Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...