Vulnerabilities > Typo3

DATE | CVE | VULNERABILITY TITLE | RISK

2009-01-28 | CVE-2008-5995 | Cross-Site Scripting vulnerability in Typo3 Freecap Captcha Extension 1.0.0/1.0.1/1.0.2 | 4.3
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | typo3 | CWE-79

2009-01-22 | CVE-2009-0258 | Improper Input Validation vulnerability in Typo3 | critical 10.0
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
network | low complexity | typo3 | CWE-20

2009-01-22 | CVE-2009-0257 | Cross-Site Scripting vulnerability in Typo3 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
network | typo3 | CWE-79

2009-01-22 | CVE-2009-0256 | Improper Authentication vulnerability in Typo3 | 7.5
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
network | low complexity | typo3 | CWE-287

2009-01-22 | CVE-2009-0255 | Use of Insufficiently Random Values vulnerability in multiple products | 7.5
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
network | low complexity | typo3, debian | CWE-330

2008-12-31 | CVE-2008-5801 | Code Injection vulnerability in Typo3 Dictionary Extension | critical 10.0
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
network | low complexity | typo3 | CWE-94

2008-12-31 | CVE-2008-5800 | SQL Injection vulnerability in Typo3 Fsmi People and WIR BER UNS Extension | 7.5
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | typo3 | CWE-89

2008-12-31 | CVE-2008-5799 | Cross-Site Scripting vulnerability in Typo3 WIR BER UNS Extension 0.0.23 | 4.3
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | typo3 | CWE-79

2008-12-31 | CVE-2008-5798 | SQL Injection vulnerability in Typo3 CMS Poll System Extension | 7.5
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | typo3 | CWE-89

2008-12-31 | CVE-2008-5797 | SQL Injection vulnerability in Typo3 Advcalendar Extension | 7.5
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | typo3 | CWE-89