Vigil@nce - TYPO3 Extensions: multiple vulnerabilities
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in TYPO3 extensions.
Impacted products: TYPO3 Extensions
Severity: 2/4
Creation date: 02/09/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TYPO3 extensions.
An attacker can exploit a vulnerability in CWT Frontend Edit
(cwt_feedit), in order to execute code. [severity:2/4; CVE-2014-6231]
An attacker can exploit a vulnerability in LDAP (eu_ldap), in order
to obtain sensitive information. [severity:2/4; CVE-2014-6232]
An attacker can use a SQL injection in Flat Manager (flatmgr), in
order to read or alter data. [severity:2/4; CVE-2014-6233]
An attacker can trigger a Cross Site Scripting in Open Graph
protocol (jh_opengraphprotocol), in order to execute JavaScript
code in the context of the web site. [severity:2/4; CVE-2014-6234]
An attacker can exploit a vulnerability in ke DomPDF (ke_dompdf), in
order to execute code. [severity:2/4; CVE-2014-6235]
An attacker can exploit a vulnerability in LumoNet PHP Include
(lumophpinclude), in order to execute code. [severity:2/4; CVE-2014-6236]
An attacker can trigger a Cross Site Scripting in News Pack
(news_pack), in order to execute JavaScript code in the context of
the web site. [severity:2/4; CVE-2014-6237]
An attacker can trigger a Cross Site Scripting in SB
Folderdownload (sb_akronymmanager), in order to execute JavaScript
code in the context of the web site. [severity:2/4; CVE-2014-6238]
An attacker can use a SQL injection in Address visualization with
Google Maps (st_address_map), in order to read or alter data.
[severity:2/4; CVE-2014-6239]
An attacker can trigger a Cross Site Scripting in Google Sitemap
(weeaar_googlesitemap), in order to execute JavaScript code in the
context of the web site. [severity:2/4; CVE-2014-6240]
An attacker can use a SQL injection in wt_directory
(wt_directory), in order to read or alter data. [severity:2/4;
CVE-2014-6241]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-Extensions-multiple-vulnerabilities-15258