VYPR

Vendor CVEs

TYPO3

All CVEs

539 total · sorted by risk
  • CVE-2013-1842Mar 20, 2013
    risk 0.00cvss epss 0.03

    SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation…

  • CVE-2012-3531Sep 5, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-3530Sep 5, 2012
    risk 0.00cvss epss 0.02

    Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

  • CVE-2012-3529Sep 5, 2012
    risk 0.00cvss epss 0.01

    The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

  • CVE-2012-3528Sep 5, 2012
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-3527Sep 5, 2012
    risk 0.00cvss epss 0.02

    view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a…

  • CVE-2012-1608Sep 4, 2012
    risk 0.00cvss epss 0.02

    The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.

  • CVE-2012-1607Sep 4, 2012
    risk 0.00cvss epss 0.03

    The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

  • CVE-2012-1606Sep 4, 2012
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1605Sep 4, 2012
    risk 0.00cvss epss 0.02

    The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

  • CVE-2012-2112Aug 27, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.

  • CVE-2010-5104May 21, 2012
    risk 0.00cvss epss 0.02

    The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard…

  • CVE-2010-5103May 21, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-5102May 21, 2012
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.

  • CVE-2010-5101May 21, 2012
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

  • CVE-2010-5100May 21, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-5098May 21, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-5097May 21, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1087Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1086Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1085Feb 14, 2012
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

  • CVE-2012-1084Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1083Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2012-1082Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1081Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1080Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1079Feb 14, 2012
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.

  • CVE-2012-1078Feb 14, 2012
    risk 0.00cvss epss 0.01

    The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory."

  • CVE-2012-1077Feb 14, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-1076Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1075Feb 14, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-1074Feb 14, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-1073Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-1072Feb 14, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-1071Feb 14, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.

  • CVE-2012-1070Feb 14, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter."

  • CVE-2011-5079Feb 14, 2012
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."

  • CVE-2010-4960Oct 9, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4957Oct 9, 2011
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4956Oct 9, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4953Oct 9, 2011
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2010-4952Oct 9, 2011
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4951Oct 9, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4950Oct 9, 2011
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4892Oct 7, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4890Oct 7, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4889Oct 7, 2011
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.

  • CVE-2010-4888Oct 7, 2011
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4887Oct 7, 2011
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2010-4885Oct 7, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 6 of 11