Filtered by vendor Typo3
Subscriptions
Total
486 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4901 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | ||||
CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 6.5 Medium |
TYPO3 before 4.5.4 allows Information Disclosure in the backend. | ||||
CVE-2011-4632 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | ||||
CVE-2011-4631 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | ||||
CVE-2011-4630 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | ||||
CVE-2011-4629 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.4 Medium |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | ||||
CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | ||||
CVE-2011-4627 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | ||||
CVE-2011-4626 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | ||||
CVE-2011-4614 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter. | ||||
CVE-2011-3980 | 2 Jerome Schneider, Typo3 | 2 Ameos Dragndropupload, Typo3 | 2024-11-21 | N/A |
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | ||||
CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | ||||
CVE-2011-1722 | 2 Typo3, Webempoweredchurch | 2 Typo3, Wec Discussion | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011. | ||||
CVE-2010-5104 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. | ||||
CVE-2010-5103 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-5102 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. | ||||
CVE-2010-5101 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." | ||||
CVE-2010-5100 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | ||||
CVE-2010-5098 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |