MidnightBSD

Advisories for kennziffer

CVE-2013-5302 HIGH

SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
kennziffer ke_search *
CVE-2013-5307 MEDIUM

Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kennziffer ke_search 1.1.0
kennziffer ke_search 1.2.0
kennziffer ke_search 0.2.0
kennziffer ke_search 1.3.0
kennziffer ke_search *
kennziffer ke_search 0.1.1
kennziffer ke_search 0.3.0
kennziffer ke_search 1.1.1
kennziffer ke_search 1.0.1
kennziffer ke_search 1.0.0
kennziffer ke_search 1.0.2
kennziffer ke_search 1.3.1
CVE-2014-6235 HIGH

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
kennziffer ke_dompdf *
CVE-2014-6293 HIGH

SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
kennziffer statistics *
CVE-2014-8874 MEDIUM

The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
kennziffer ke_questionnaire *