Total: 428 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0340 | 1 Typo3 | 2 Mjseventpro, Typo3 | 2011-04-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-0342 | 1 Typo3 | 2 Job Reports, Typo3 | 2011-04-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-0346 | 1 Typo3 | 2 Mimi Tipfriends, Typo3 | 2011-04-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-0337 | 1 Typo3 | 2 Dl3 Tt News Alerts, Typo3 | 2011-04-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-0336 | 1 Typo3 | 2 Kiddog Mysqldumper, Typo3 | 2011-04-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | |||||
CVE-2010-0347 | 1 Typo3 | 2 Typo3, Vd Gemomap | 2011-04-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-0339 | 1 Typo3 | 2 Typo3, Vm19 Userlinks | 2011-04-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6144 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2011-03-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | |||||
CVE-2008-6145 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2011-03-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-5609 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4657 | 1 Typo3 | 2 Econda Plugin, Typo3 | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4661 | 1 Typo3 | 2 Page Improvements, Typo3 | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-4655 | 1 Typo3 | 2 Simplesurvey, Typo3 | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4659 | 1 Typo3 | 2 Mannschaftsliste, Typo3 | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4658 | 1 Typo3 | 2 Jobcontrol, Typo3 | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4656 | 1 Typo3 | 2 Frontend Users View, Typo3 | 2011-03-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-0338 | 1 Typo3 | 2 Ttpedit, Typo3 | 2011-01-31 | 7.5 HIGH | N/A |
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-4068 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | |||||
CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 5.0 MEDIUM | N/A |
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | |||||
CVE-2010-3716 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 6.0 MEDIUM | N/A |
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | |||||