234 matches found
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
CVE-2022-36107
CVE-2022-36107 affects TYPO3 CMS, where the FileDumpController (backend and frontend) is vulnerable to cross-site scripting when rendering malicious files. A valid backend user is required to exploit. Remediation is to update TYPO3 to fixed ELTS versions: 7.6.58 , 8.7.48 , 9.5.37 , 10.4.32 , or 1...
CVE-2022-36104
CVE-2022-36104 affects TYPO3, an open-source PHP-based CMS. An issue in the page error handling occurs when requests for invalid or non-existing resources trigger the error handler, which can retrieve content from another page, causing the application to call itself recursively. This recursion am...
CVE-2022-36104 Denial of Service via Page Error Handling in TYPO3/cms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
CVE-2022-36104 Denial of Service via Page Error Handling in TYPO3/cms
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...
CVE-2022-36108
TYPO3 (CMS Core) has a cross-site scripting vulnerability in the f:asset.css view helper that occurs when user input is passed as variables to the CSS. Affected versions require upgrading to TYPO3 10.4.32 or 11.5.16 to fix the issue. Other details vary across sources, but remediation is clearly t...
CVE-2022-36108 Cross-Site Scripting in typo3/cms-core
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...
CVE-2022-36108 Cross-Site Scripting in typo3/cms-core
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...
[SECURITY] Fedora 36 Update: exim-4.96-2.fc36
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
CVE-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...
CVE-2021-41113
CVE-2021-41113 — TYPO3 Backend CSRF : TYPO3’s v11 feature for creating/sharing deep links in the backend UI is vulnerable to cross-site request forgery. An unauthenticated attacker could exploit a logged-in victim’s session to perform actions, potentially creating an admin user account and taking...
CVE-2021-41114
TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. The regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was not evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
CVE-2021-32768
CVE-2021-32768 is a cross-site scripting vulnerability in TYPO3 where the frontend rendering of rich-text content can reflect malicious input due to HTMLparser not filtering all tag/attribute combinations by default. In typical scenarios, exploitation requires a valid backend user account, but if...
SUSE: Security Advisory (SUSE-SU-2015:1518-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for podman (FEDORA-2020-ccc3e64ea5)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SPIP CMS 2.x / 3.x Add Administrator / File Upload
Exploit Title : Spip CMS 2.x/3.x Add Administrator Account & Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Published Date : 26/03/2019 First Discovered Date : 2013 - 2014 Vendor Homepage : spip.net Software Download Links :...
Zentyal Server Development Edition 6.0 Cross Site Scripting
Exploit Title: Zentyal Server Development Edition 6.0 | Cross-Site Scripting Date: 27.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.zentyal.org Software Link: http://download.zentyal.com/zentyal-6.0-development-amd64.iso Version: 6.0 Introduction Zentyal Server formerly eBox...
Joomla JComments 3.0.5 SQL Injection
Exploit Title : Joomla JComments Components 3.0.5 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlatune.com Software Download Link : joomlatune.com/jcomments-downloads.html Software Information Link :...