117 matches found
Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" (content_rating_extbase) is susceptible to Cross-Site Scripting and SQL Injection. Release Date: January 9, 2015 Bulletin Update: February 23, 2015 (added CVEs) Component Type: Third party extension. This extension is not a part of the...
CVE-2014-6289
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
Authentication flaw
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
CVE-2014-6289
The CVE-2014-6289 issue affects TYPO3 extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase). The Ajax dispatcher for Extbase in yag (<=3.0.0) and pt_extbase (
CVE-2014-6289
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
CVE-2014-3946
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors...
CVE-2014-3946
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors...
Design/Logic Flaw
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors...
CVE-2014-3946
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors...
CVE-2014-3946
The CVE-2014-3946 issue affects TYPO3’s Extbase Framework component, specifically TYPO3 6.2.0 before 6.2.3. The vulnerability arises from improper validation of group permissions within the query caching functionality, enabling remote authenticated users to read arbitrary queries via unspecified ...
Information disclosure in the Extbase framework
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...
Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)
It has been discovered that the extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase) are susceptible to Access Bypass. Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected...
CVE-2013-7078
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...
UBUNTU-CVE-2013-7078
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...
CVE-2013-7078
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...
CVE-2013-7078
TYPO3 Extbase Framework XSS (CVE-2013-7078) affects errorAction in ActionController base class. Vulnerable in TYPO3 versions 4.5.0–4.5.31, 4.7.0–4.7.16, 6.0.0–6.0.11, and 6.1.0–6.1.6 when the Rewritten Property Mapper is enabled. The vulnerability allows remote attackers to inject arbitrary scrip...
TYPO3 Multiple Vulnerabilities (Dec 2013)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...
TYPO3 Multiple Vulnerabilities (Mar 2013)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...
TYPO3 Extbase HMAC Unserialization Weakness
TYPO3 is prone to Unserialization Weakness. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...