Vulnerabilities > Typo3

DATE CVE VULNERABILITY TITLE RISK
2008-07-07 CVE-2008-3041 Permissions, Privileges, and Access Controls vulnerability in Typo3 DAM Frontend Extension
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control."
network
low complexity
typo3 CWE-264
7.5
7.5
2008-07-07 CVE-2008-3040 Information Exposure vulnerability in Typo3 DAM Frontend Extension
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
network
low complexity
typo3 CWE-200
5.0
5.0
2008-07-07 CVE-2008-3039 SQL Injection vulnerability in Typo3 DAM Frontend Extension
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-07-07 CVE-2008-3038 SQL Injection vulnerability in Typo3 Address Directory
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2008-07-07 CVE-2008-3037 Cross-Site Scripting vulnerability in Typo3 Address Directory
Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
4.3
2008-07-07 CVE-2008-3032 Cross-Site Scripting vulnerability in Typo3 PHPmyadmin 0.2.2/3.0
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
4.3
2008-07-07 CVE-2008-3029 Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum 1.6/1.6.0/1.6.1
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
4.3
2008-07-07 CVE-2008-3028 Cross-Site Scripting vulnerability in Typo3 Send A Card 2.2/2.2.1
Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
4.3
2008-06-16 CVE-2008-2718 Cross-Site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
typo3 CWE-79
4.3
4.3
2008-06-16 CVE-2008-2717 Permissions, Privileges, and Access Controls vulnerability in multiple products
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
network
low complexity
apache typo3 CWE-264
6.5
6.5