Vulnerabilities > Typo3 > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS VECTOR / COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|
| 2011-10-09 | CVE-2010-4961 | SQL Injection vulnerability in Dev-Team Typoheads Webkitpdf | SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | dev-team-typoheads typo3 CWE-89 | 7.5 |
| 2011-10-09 | CVE-2010-4957 | SQL Injection vulnerability in Nadine Schwingler KE Questionnaire 1.2.1/2.0.0 | SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | nadine-schwingler typo3 CWE-89 | 7.5 |
| 2011-10-09 | CVE-2010-4952 | SQL Injection vulnerability in Joachim Ruhs Festat 0.1.6/0.1.8/0.1.9 | SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | joachim-ruhs typo3 CWE-89 | 7.5 |
| 2011-10-09 | CVE-2010-4950 | SQL Injection vulnerability in Joachim Ruhs Event | SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | joachim-ruhs typo3 CWE-89 | 7.5 |
| 2011-10-07 | CVE-2010-4891 | SQL Injection vulnerability in Andreas Kiefer KE YAC | SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | andreas-kiefer typo3 CWE-89 | 7.5 |
| 2011-10-07 | CVE-2010-4888 | SQL Injection vulnerability in Marco Hezel HM Tinymarket | SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | marco-hezel typo3 CWE-89 | 7.5 |
| 2011-10-07 | CVE-2010-4887 | SQL Injection vulnerability in Raphael Zschorsch Commentsbe | SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity | raphael-zschorsch typo3 CWE-89 | 7.5 |
| 2011-10-04 | CVE-2011-3980 | Unspecified vulnerability in Jerome Schneider Ameos Dragndropupload 2.0.0/2.0.1 | Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | network, low complexity | jerome-schneider typo3 | 7.5 |
| 2011-04-19 | CVE-2011-1722 | SQL Injection vulnerability in Webempoweredchurch WEC Discussion | Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011. | network, low complexity | webempoweredchurch typo3 CWE-89 | 7.5 |
| 2010-10-25 | CVE-2010-3714 | Permissions, Privileges, and Access Controls vulnerability in Typo3 | The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | network | typo3 CWE-264 | 7.1 |