Vulnerabilities > Typo3 > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-22 | CVE-2008-4656 | SQL Injection vulnerability in Typo3 Frontend Users View 0.1.2/0.1.3 SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-10-22 | CVE-2008-4655 | SQL Injection vulnerability in Typo3 Simplesurvey SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-06-16 | CVE-2008-2718 | Cross-Site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-06-16 | CVE-2008-2717 | Permissions, Privileges, and Access Controls vulnerability in multiple products TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | 6.5 |
2007-12-15 | CVE-2007-6381 | SQL Injection vulnerability in Typo3 SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2007-02-22 | CVE-2007-1081 | Unspecified vulnerability in Typo3 The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. | 7.5 |
2006-12-21 | CVE-2006-6690 | Remote Command Execution vulnerability in Typo3 Class.TX_RTEHTMLArea_PI1.PHP rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | 7.5 |
2006-09-28 | CVE-2006-5069 | Cross-Site Scripting vulnerability in Typo3 Indexed Search Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2.6 |
2006-01-21 | CVE-2006-0327 | Information Disclosure vulnerability in Typo3 3.7.1/3.8.1 TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | 5.0 |
2005-12-31 | CVE-2005-4875 | Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0 TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | 7.5 |