Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-15 | CVE-2009-4702 | SQL Injection vulnerability in Markus Barchfeld PM Tour SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-15 | CVE-2009-4701 | SQL Injection vulnerability in Liviu Mitrofan Myth Download 0.1.0 SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-02 | CVE-2010-0798 | SQL Injection vulnerability in Snowflake T3Blog 0.5.0/0.6.0/0.6.1 SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-02 | CVE-2010-0797 | Cross-Site Scripting vulnerability in Snowflake T3Blog 0.5.0/0.6.0/0.6.1 Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-02-22 | CVE-2010-0286 | Security Bypass vulnerability in Typo3 4.3.0 Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. | 5.1 |
2010-01-15 | CVE-2010-0350 | Path Traversal vulnerability in Arco VAN Geest Goof Fotoboek Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors. | 7.5 |
2010-01-15 | CVE-2010-0347 | Cross-Site Scripting vulnerability in Typo3 VD Gemomap Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-01-15 | CVE-2010-0346 | Cross-Site Scripting vulnerability in Typo3 Mimi Tipfriends Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-01-15 | CVE-2010-0345 | Cross-Site Scripting vulnerability in Typo3 Majordomo Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-01-15 | CVE-2010-0344 | SQL Injection vulnerability in Typo3 ZAK Store Management SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |