Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Typo3 Subscribe
Total 472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1083 1 Typo3 2 Terminal, Typo3 2012-02-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-4614 1 Typo3 1 Typo3 2012-02-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
CVE-2011-5079 2 Netcreators, Typo3 2 Irfaq, Typo3 2012-02-28 5.8 MEDIUM N/A
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
CVE-2012-1080 1 Typo3 2 Skt Eurocalc, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1081 2 Roderick Braun, Typo3 2 Ya Googlesearch, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1082 1 Typo3 2 Terminal, Typo3 2012-02-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1086 1 Typo3 2 Aeurltool, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1087 2 Bluechip, Typo3 2 Bc Post2facebook, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1070 2 Netcreators, Typo3 2 Irfaq, Typo3 2012-02-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter."
CVE-2012-1077 2 Manfred Egger, Typo3 2 Bc Post2facebook, Typo3 2012-02-14 7.5 HIGH N/A
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5080 2 Juergen Furrer, Typo3 2 Jftcaforms, Typo3 2012-02-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3819 2 Typo3, Urs Maag 2 Typo3, Maag Randomimage 2011-12-13 10.0 HIGH N/A
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
CVE-2009-3820 2 Flagbit, Typo3 2 Fb Filebase, Typo3 2011-12-13 7.5 HIGH N/A
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3821 2 Apache, Typo3 2 Solr, Typo3 2011-12-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0331 2 Stefan Tannhaeuser, Typo3 2 Tv21 Talkshow, Typo3 2011-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0332 2 Stefan Tannhaeuser, Typo3 2 Tv21 Talkshow, Typo3 2011-08-07 7.5 HIGH N/A
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0329 2 Alex Kellner, Typo3 2 Powermail, Typo3 2011-08-07 7.5 HIGH N/A
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
CVE-2010-0333 2 Matthias Graubner, Typo3 2 Mg Help, Typo3 2011-07-25 7.5 HIGH N/A
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0335 2 Francisco Cifuentes, Typo3 2 Vote For Tt News, Typo3 2011-07-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0334 2 Francisco Cifuentes, Typo3 2 Vote For Tt News, Typo3 2011-07-24 7.5 HIGH N/A
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.