Filtered by vendor Typo3
Subscriptions
Total
486 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2024-08-07 | N/A |
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | ||||
CVE-2008-3029 | 1 Typo3 | 1 Wec Discussion Forum | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-3044 | 1 Typo3 | 1 News Calendar Extension | 2024-08-07 | N/A |
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-3040 | 1 Typo3 | 1 Dam Frontend Extension | 2024-08-07 | N/A |
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
CVE-2008-3046 | 1 Typo3 | 1 Packman Extension | 2024-08-07 | N/A |
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors. | ||||
CVE-2008-3039 | 1 Typo3 | 1 Dam Frontend Extension | 2024-08-07 | N/A |
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-3045 | 1 Typo3 | 1 Industry Database | 2024-08-07 | N/A |
Unspecified vulnerability in the Industry Database (aka Branchendatenbank pro_industrydb) extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity." | ||||
CVE-2008-3052 | 1 Typo3 | 1 Sql Frontend Extension | 2024-08-07 | N/A |
Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors. | ||||
CVE-2008-3047 | 1 Typo3 | 1 Kb Unpack Extension | 2024-08-07 | N/A |
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors. | ||||
CVE-2008-3032 | 1 Typo3 | 1 Phpmyadmin | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-3041 | 1 Typo3 | 1 Dam Frontend Extension | 2024-08-07 | N/A |
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control." | ||||
CVE-2008-3053 | 1 Typo3 | 1 Sql Frontend Extension | 2024-08-07 | N/A |
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-2718 | 1 Typo3 | 1 Typo3 | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-2717 | 2 Apache, Typo3 | 2 Apache Webserver, Typo3 | 2024-08-07 | N/A |
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | ||||
CVE-2008-2526 | 1 Typo3 | 1 Wt Gallery | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-2525 | 1 Typo3 | 1 Rlmp Eventdb | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-2490 | 1 Typo3 | 1 Kj Imagelightbox2 | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input." | ||||
CVE-2008-2489 | 1 Typo3 | 1 Sg Zfelib | 2024-08-07 | N/A |
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input." | ||||
CVE-2008-2344 | 1 Typo3 | 1 Air Filemanager | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-2345 | 1 Typo3 | 1 Air Filemanager | 2024-08-07 | N/A |
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." |