CVE-2014-6298

Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

CVE-2014-6299

Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.

CVE-2014-3947

Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.

CVE-2014-6288

The powermail extension before 1.6.10 and 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.

CVE-2014-6289

The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.

CVE-2014-6290

The News (tt_news) extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue.

CVE-2014-6291

Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Friday's security updates

Fedora has updated cups (F19: information disclosure).

Mandriva has updated libvirt (BS1: multiple vulnerabilities) and phpmyadmin (BS1: cross-site scripting).

Ubuntu has updated file (10.04, 12.04, 14.04: code execution), openssl (12.04: protocol downgrade), and openvpn (12.04: information

Indian Developers Redesigning Linux Kernel With OOP, C++ Support

Meet BOSSMOOL, an effort to redesign the Linux kernel by adding object oriented abstractions, introducing a device driver framework with C++ driver support, and other changes...

Read more at Phoronix

Nvidia Tegra rides shotgun on Honda's Connect IVI system
