Filtered by vendor Typo3
Subscriptions
Filtered by product Typo3
Subscriptions
Total
435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-4966 | 2 Elemente, Typo3 | 2 Ast Addresszipsearch, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-0334 | 2 Francisco Cifuentes, Typo3 | 2 Vote For Tt News, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4970 | 2 Typo3, Typo3-macher | 2 Typo3, T3m Affiliate | 2024-09-16 | N/A |
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4950 | 2 Tim Lochmueller \& Thomas Buss, Typo3 | 2 A21glossary Advanced Output, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4803 | 2 Andreas Schwarzkopf, Typo3 | 2 Accessibility Glossary, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2015-8759 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. | ||||
CVE-2010-1021 | 2 Mads Brunn, Typo3 | 2 T3quixplorer, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0340 | 1 Typo3 | 2 Mjseventpro, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-1008 | 2 Christian Hennecke, Typo3 | 2 Chsellector, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0798 | 2 Snowflake, Typo3 | 2 T3blog, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4952 | 2 Serge Gebhardt, Typo3 | 2 Dir Listing, Typo3 | 2024-09-16 | N/A |
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | ||||
CVE-2009-4389 | 2 Robert Puntigam, Typo3 | 2 Aba Watchdog, Typo3 | 2024-09-16 | N/A |
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
CVE-2009-4398 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-0341 | 1 Typo3 | 2 Bb Simplejobs, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2013-4745 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2024-09-16 | N/A |
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2012-1605 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." | ||||
CVE-2009-3821 | 2 Apache, Typo3 | 2 Solr, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2010-3716 | 1 Typo3 | 1 Typo3 | 2024-09-16 | N/A |
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | ||||
CVE-2010-0339 | 1 Typo3 | 2 Typo3, Vm19 Userlinks | 2024-09-16 | N/A |
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2010-1011 | 2 Tim Lochmueller, Typo3 | 2 Mydashboard, Typo3 | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |