Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-07 | CVE-2010-4888 | SQL Injection vulnerability in Marco Hezel HM Tinymarket SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-10-07 | CVE-2010-4887 | SQL Injection vulnerability in Raphael Zschorsch Commentsbe SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-10-07 | CVE-2010-4886 | Cross-Site Scripting vulnerability in Peter Proell Tweetbutton 1.0.0/1.0.2/1.0.3 Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-07 | CVE-2010-4885 | Cross-Site Scripting vulnerability in Peter Proell Xing 1.0.0 Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-10-04 | CVE-2011-3980 | Unspecified vulnerability in Jerome Schneider Ameos Dragndropupload 2.0.0/2.0.1 Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | 7.5 |
2011-04-19 | CVE-2011-1722 | SQL Injection vulnerability in Webempoweredchurch WEC Discussion Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011. | 7.5 |
2010-10-25 | CVE-2010-4068 | Improper Input Validation vulnerability in Typo3 Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | 4.9 |
2010-10-25 | CVE-2010-3717 | Permissions, Privileges, and Access Controls vulnerability in Typo3 The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | 5.0 |
2010-10-25 | CVE-2010-3716 | Improper Input Validation vulnerability in Typo3 The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | 6.0 |
2010-10-25 | CVE-2010-3715 | Cross-Site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. | 4.3 |