Filtered by vendor Typo3
Subscribe
Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0338 | 1 Typo3 | 2 Ttpedit, Typo3 | 2011-01-31 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4068 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | |||||
| CVE-2010-3716 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 6.0 MEDIUM | N/A |
| The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | |||||
| CVE-2010-3715 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. | |||||
| CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2010-10-26 | 5.0 MEDIUM | N/A |
| The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | |||||
| CVE-2010-3687 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2010-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields. | |||||
| CVE-2010-3605 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2010-09-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3604 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2010-09-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4969 | 1 Typo3 | 2 Sbanner, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4970 | 2 Typo3, Typo3-macher | 2 Typo3, T3m Affiliate | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2010-07-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4966 | 2 Elemente, Typo3 | 2 Ast Addresszipsearch, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4967 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4968 | 2 Christian Ehmann, Typo3 | 2 Event Registr, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4971 | 2 Typo3, Vincent Tietz | 2 Typo3, Vjchat | 2010-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4952 | 2 Serge Gebhardt, Typo3 | 2 Dir Listing, Typo3 | 2010-07-22 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2009-4949 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2010-07-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4953 | 2 Stefan Geith, Typo3 | 2 Sg Userdata, Typo3 | 2010-07-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||