Vulnerabilities > Typo3 > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-05 | CVE-2009-0815 | Information Exposure vulnerability in Typo3 The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. | 5.0 |
2009-02-27 | CVE-2008-6346 | Cross-Site Scripting vulnerability in Dennis Royer DR Wiki Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-02-27 | CVE-2008-6344 | SQL Injection vulnerability in Typo3 Tu-Clausthal Staff SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-02-27 | CVE-2008-6343 | Cross-Site Scripting vulnerability in Typo3 Tu-Clausthal Odin Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-02-27 | CVE-2008-6342 | Information Exposure vulnerability in Lobacher Patrick Simplefilebrowser 1.0.0/1.0.1 Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | 5.0 |
2009-02-27 | CVE-2008-6341 | Cross-Site Scripting vulnerability in Typo3 SB Universal Plugin Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-02-27 | CVE-2008-6340 | Cross-Site Scripting vulnerability in Mathieu Vidal MV VOX Populi 0.1.0/0.2.0 Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-02-27 | CVE-2008-6338 | SQL Injection vulnerability in Weber-Ebusiness WES Facilities 2.0 SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-02-16 | CVE-2008-6145 | SQL Injection vulnerability in Typo3 WEC Discussion Forum Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-02-16 | CVE-2008-6144 | Cross-Site Scripting vulnerability in Typo3 WEC Discussion Forum Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | 4.3 |