Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Typo3 Subscribe
Filtered by product Typo3
Total 428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-5099 1 Typo3 1 Typo3 2017-08-28 6.8 MEDIUM N/A
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
CVE-2010-5097 1 Typo3 1 Typo3 2017-08-28 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1722 2 Typo3, Webempoweredchurch 2 Typo3, Wec Discussion 2017-08-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
CVE-2010-1218 2 Mm Forum, Typo3 2 Mmforum, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1026 2 Mathon Nicolas, Typo3 2 Tmsw Cleandb, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1025 2 Chris Wederka, Typo3 2 Tgm Newsletter, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1027 2 Dietmar Schffer, Typo3 2 Travelmate, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1024 2 Chris Wederka, Typo3 2 Tgm Newsletter, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4345 2 Jonas Renggli, Typo3 2 Vshoutbox, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4344 2 Tobias Sommer, Typo3 2 Zid Linklist, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4343 2 Dominic Eckart, Typo3 2 Trainincdb, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4342 2 Melvin Mach, Typo3 2 Jobexchange, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4341 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4340 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4339 2 Stephan Vits, Typo3 2 Mf Subscription, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4338 2 Jean-david Gadina, Typo3 2 Slideshow, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4337 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
CVE-2009-4336 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3636 1 Typo3 1 Typo3 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2009-3635 1 Typo3 1 Typo3 2017-08-16 6.8 MEDIUM N/A
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.