VYPR

Vendor CVEs

TYPO3

All CVEs

539 total · sorted by risk
  • CVE-2009-4390Dec 22, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-4389Dec 22, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.

  • CVE-2009-4388Dec 22, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4346Dec 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4345Dec 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4344Dec 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4343Dec 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4342Dec 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2009-4341Dec 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2009-4340Dec 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4339Dec 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2009-4338Dec 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2009-4337Dec 17, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.

  • CVE-2009-4336Dec 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4167Dec 2, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.

  • CVE-2009-4166Dec 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-4165Dec 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-4164Dec 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4163Dec 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-4162Dec 2, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.

  • CVE-2009-4161Dec 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-4158Dec 2, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-3636Nov 2, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2009-3635Nov 2, 2009
    risk 0.00cvss epss 0.02

    The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

  • CVE-2009-3634Nov 2, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2009-3633Nov 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to…

  • CVE-2009-3632Nov 2, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via…

  • CVE-2009-3631Nov 2, 2009
    risk 0.00cvss epss 0.03

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.

  • CVE-2009-3630Nov 2, 2009
    risk 0.00cvss epss 0.02

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.

  • CVE-2009-3629Nov 2, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3628Nov 2, 2009
    risk 0.00cvss epss 0.01

    The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

  • CVE-2009-3820Oct 28, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-3819Oct 28, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.

  • CVE-2009-2106Jun 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-2105Jun 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-2104Jun 17, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2103Jun 17, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-6699Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6698Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6697Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6696Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6695Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6694Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6693Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6692Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6691Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6690Apr 10, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors.

  • CVE-2008-6689Apr 10, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

  • CVE-2008-6688Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-6687Apr 10, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.