Filtered by vendor Typo3
Subscriptions
Filtered by product Typo3
Subscriptions
Total
435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0332 | 2 Stefan Tannhaeuser, Typo3 | 2 Tv21 Talkshow, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2024-09-16 | N/A |
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | ||||
CVE-2009-4804 | 3 Mario Matzulla, Microsoft, Typo3 | 3 Calendar Base, Internet Explorer, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters." | ||||
CVE-2010-0333 | 2 Matthias Graubner, Typo3 | 2 Mg Help, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-1012 | 2 Mathias Schreiber, Typo3 | 2 Nf Cleandb, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4396 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-4888 | 2 Marco Hezel, Typo3 | 2 Hm Tinymarket, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4953 | 2 Stefan Geith, Typo3 | 2 Sg Userdata, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4388 | 2 Frank Krger, Typo3 | 2 Nl Listman, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2015-8760 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." | ||||
CVE-2009-4401 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4948 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4954 | 2 Typo3, Websedit | 2 Typo3, Sk Calendar | 2024-09-16 | N/A |
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-0323 | 2 Arco Van Geest, Typo3 | 2 Goof Fotoboek, Typo3 | 2024-09-16 | N/A |
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
CVE-2010-4892 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-4887 | 2 Raphael Zschorsch, Typo3 | 2 Commentsbe, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-1005 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2012-1607 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | ||||
CVE-2009-4701 | 2 Liviu Mitrofan, Typo3 | 2 Myth Download, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4392 | 1 Typo3 | 2 Typo3, Xds Staff | 2024-09-16 | N/A |
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |