High

DATE	CVE	VULNERABILITY TITLE	RISK
2009-12-02	CVE-2009-4165	SQL Injection vulnerability in Simple Glossar Simple Glossar 1.0.3 SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity simple-glossar typo3 CWE-89	7.5
2009-12-02	CVE-2009-4163	SQL Injection vulnerability in TW Productfinder TW Productfinder SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity tw-productfinder typo3 CWE-89	7.5
2009-12-02	CVE-2009-4162	Local Security vulnerability in Mauro Lorenzutti Wfqbe 1.3.1 Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors. local low complexity mauro-lorenzutti typo3	7.2
2009-12-02	CVE-2009-4158	SQL Injection vulnerability in Mario Matzulla CAL SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity typo3 mario-matzulla CWE-89	7.5
2009-11-02	CVE-2009-3631	Code Injection vulnerability in Typo3 The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. network typo3 CWE-94	8.5
2009-10-28	CVE-2009-3820	SQL Injection vulnerability in Flagbit FB Filebase 0.1.0 SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity typo3 flagbit CWE-89	7.5
2009-06-17	CVE-2009-2106	SQL Injection vulnerability in Projektseminar Proservice WWU Virtual Civil Services 4.2.14/4.2.15/4.3.0 SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity typo3 projektseminar-proservice-wwu CWE-89	7.5
2009-06-17	CVE-2009-2103	SQL Injection vulnerability in Steve Grundell Frontend MP3 Player 0.2.0/0.2.1/0.2.2 SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. network low complexity steve-grundell typo3 CWE-89	7.5
2009-04-10	CVE-2008-6697	SQL Injection vulnerability in Michael Fritz Worldcup SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. network low complexity typo3 michael-fritz CWE-89	7.5
2009-04-10	CVE-2008-6696	SQL Injection vulnerability in Manu Oehler Toto 0.1.0 SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. network low complexity typo3 manu-oehler CWE-89	7.5