19 matches found
EUVD-1999-1032
Malware in sbrugna...
EUVD-2012-6424
Malware in sbrugna...
TYPO3 Formhandler extension cross-site scripting vulnerability (CNVD-2018-01373)
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the Swiss TYPO3 Association. formhandler is one of its web development form module extension plug-ins. A cross-site scripting vulnerability exists in the TYPO3 Formhandler extension. As the program fails to...
Multiple Cross-Site Scripting Vulnerabilities in Typo3 Formhandler
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the Swiss TYPO3 Association. formhandler is one of its web development form module extension plug-ins. Multiple cross-site scripting vulnerabilities exist in Typo3 Formhandler due to the program failing to...
TYPO3 Formhandler 2.4.0 Cross Site Scripting
Advisory: Cross-Site Scripting in TYPO3 Formhandler Extension. RedTeam Pentesting discovered a cross-site scripting vulnerability (XSS) in the TYPO3 extension Formhandler. Details: Product: TYPO3 Formhandler; Affected Versions: 2.4.0 and probably earlier; Fixed Versions: none, project no longer...
TYPO3 Formhandler Extension Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the Swiss TYPO3 Association. formhandler is one of its web development form module extension plug-ins. A cross-site scripting vulnerability exists in versions 2.3.1 and 2.0.2 of the TYPO3 Formhandler extensio...
TYPO3 formhandler extension cross-site scripting vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF. formhandler is one of the extension plugins that inserts data into the database. A cross-site scripting vulnerability exists in TYPO3 formhandler extension versions prior to 2.3.1 and 2.0.2, which can be exploited by...
Cross-Site Scripting in extension "Formhandler" (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is susceptible to Cross-Site Scripting. Release Date: May 27, 2016. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.3.0 and below. Vulnerability...
SQL Injection vulnerability in extension Formhandler (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is vulnerable to SQL-Injection. Release Date: September 25, 2013. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Version: 1.6.1 and all versions below. Vulnerability...
CVE-2012-6577
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-6577
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-6577
CVE-2012-6577 concerns the TYPO3 Formhandler extension prior to 1.4.1. An authenticated Formhandler user with certain permissions can trigger a SQL injection via unspecified vectors, allowing execution of arbitrary SQL commands on the backend. The impact is limited to the database layer of the a...
Several Vulnerabilities in extension MailformPlus (th_mailformplus)
Several vulnerabilities have been found in the following third-party TYPO3 extension: th_mailformplus. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.0.15 and below. Vulnerability Types: Cross-Site Scripting. Severit...
Several Vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension Formhandler (formhandler) is vulnerable to SQL-Injection and Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.14 and below. Vulnerability Types: SQL...
CVE-1999-1051
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the replymessageattach attachment parameter...
CVE-1999-1051
Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the replymessageattach attachment parameter...
Matt Wright - 'FormHandler.cgi' 2.0 Reply Attachment
source: https://www.securityfocus.com/bid/799/info Any file that the FormHandler.cgi has read access to (the cgi is typically run as user 'nobody' on Unix systems) can be specified as an attachment in a reply email. This could allow an attacker to gain access to sensitive files such as /etc/passwd...
formhandler.cgi.txt
From: Mnemonix Subject: FormHandler.cgi FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler uses hard coded physical paths for templates etc so it's possible to get sensitive files like /etc/passwd by modifying a site's form and submitting it. Cheers, David Litchfield...