Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-19 | CVE-2010-1004 | SQL Injection vulnerability in Mischa Heimann Yatse SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-15 | CVE-2009-4711 | SQL Injection vulnerability in JAN Bednarik Cooluri SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686. | 7.5 |
2010-03-15 | CVE-2009-4710 | SQL Injection vulnerability in Robert Heel CWT Resetbepassword SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-15 | CVE-2009-4709 | SQL Injection vulnerability in Dirk Maiwert Datamints Newsticker SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-15 | CVE-2009-4708 | SQL Injection vulnerability in Maximo Cuadros GB Fenewssubmit SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-15 | CVE-2009-4707 | Cross-Site Scripting vulnerability in Maximo Cuadros GB Fenewssubmit Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-03-15 | CVE-2009-4706 | Cross-Site Scripting vulnerability in Sebastian Winterhalder Mailform Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-03-15 | CVE-2009-4705 | Cross-Site Scripting vulnerability in Thomas Loeffler Twittersearch 0.0.1/0.0.2 Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-03-15 | CVE-2009-4704 | Information Disclosure vulnerability in Ws Ecard Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
2010-03-15 | CVE-2009-4703 | SQL Injection vulnerability in Typo3 WS Gallery SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |