Vulnerabilities > Typo3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-17 | CVE-2009-2106 | SQL Injection vulnerability in Projektseminar Proservice WWU Virtual Civil Services 4.2.14/4.2.15/4.3.0 SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2009-06-17 | CVE-2009-2104 | Cross-Site Scripting vulnerability in UDO VON Eynern Modern Guest Book Commenting System Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-06-17 | CVE-2009-2103 | SQL Injection vulnerability in Steve Grundell Frontend MP3 Player 0.2.0/0.2.1/0.2.2 SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2009-04-10 | CVE-2008-6699 | Cross-Site Scripting vulnerability in Typo3 TJS Reslib and Typo3 Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2009-04-10 | CVE-2008-6698 | Cross-Site Scripting vulnerability in Michael Fritz Worldcup Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
| 2009-04-10 | CVE-2008-6697 | SQL Injection vulnerability in Michael Fritz Worldcup SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2009-04-10 | CVE-2008-6696 | SQL Injection vulnerability in Manu Oehler Toto 0.1.0 SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2009-04-10 | CVE-2008-6695 | SQL Injection vulnerability in Frank Naegler Timtab Sociable SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2009-04-10 | CVE-2008-6694 | SQL Injection vulnerability in Fr.Simon Rundell STE Prayer 0.0.1 SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2009-04-10 | CVE-2008-6693 | SQL Injection vulnerability in Sebastian Baumann SB Downloader SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |