Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-12-17 | CVE-2009-4342 | SQL Injection vulnerability in Melvin Mach Jobexchange 0.0.3 SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4341 | SQL Injection vulnerability in Mischa Heissmann NO Indexed Search 0.2.0 SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4340 | Cross-Site Scripting vulnerability in Mischa Heissmann NO Indexed Search 0.2.0 Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-17 | CVE-2009-4339 | SQL Injection vulnerability in Stephan Vits MF Subscription 0.2.2 SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4338 | SQL Injection vulnerability in Jean-David Gadina Slideshow 0.2.2 SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2009-12-17 | CVE-2009-4337 | SQL Injection vulnerability in Simon Rundell PD Calendar Today 0.0.3 SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | 7.5 |
2009-12-17 | CVE-2009-4336 | Cross-Site Scripting vulnerability in Simon Rundell PD Calendar Today 0.0.3 Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-12-02 | CVE-2009-4167 | Unspecified vulnerability in Lukas Taferner IT Basetag 1.0.0 Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | 6.4 |
2009-12-02 | CVE-2009-4166 | SQL Injection vulnerability in Michal Hadr Mchtrips 2.0.0 SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-12-02 | CVE-2009-4165 | SQL Injection vulnerability in Simple Glossar Simple Glossar 1.0.3 SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |