VYPR

Typo3

by TYPO3

Source repositories

CVEs (206)

  • CVE-2008-2718Jun 16, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web…

  • CVE-2007-6381Dec 15, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-1081Feb 22, 2007
    risk 0.00cvss epss 0.01

    The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

  • CVE-2006-5069Sep 28, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

  • CVE-2006-0327Jan 21, 2006
    risk 0.00cvss epss 0.02

    TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.

  • CVE-2005-4875Dec 31, 2005
    risk 0.00cvss epss 0.01

    TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.

Page 11 of 11