Lucene search
K

234 matches found

Cvelist
Cvelist
added 2022/09/13 5:40 p.m.45 views

CVE-2022-36105 User Enumeration via Response Timing in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...

5.3CVSS5.7AI score0.00977EPSS
Exploits0References3
OSV
OSV
added 2022/09/13 5:40 p.m.17 views

CVE-2022-36105 User Enumeration via Response Timing in TYPO3

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...

5.3CVSS5.5AI score0.00977EPSS
Exploits0References5
CVE
CVE
added 2022/09/13 5:30 p.m.89 views

CVE-2022-36107

CVE-2022-36107 affects TYPO3 CMS, where the FileDumpController (backend and frontend) is vulnerable to cross-site scripting when rendering malicious files. A valid backend user is required to exploit. Remediation is to update TYPO3 to fixed ELTS versions: 7.6.58 , 8.7.48 , 9.5.37 , 10.4.32 , or 1...

6.5CVSS5.6AI score0.00722EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/09/13 5:20 p.m.82 views

CVE-2022-36104

CVE-2022-36104 affects TYPO3, an open-source PHP-based CMS. An issue in the page error handling occurs when requests for invalid or non-existing resources trigger the error handler, which can retrieve content from another page, causing the application to call itself recursively. This recursion am...

7.5CVSS6.4AI score0.01312EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/13 5:20 p.m.48 views

CVE-2022-36104 Denial of Service via Page Error Handling in TYPO3/cms

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...

5.9CVSS7.7AI score0.01312EPSS
Exploits0References3
OSV
OSV
added 2022/09/13 5:20 p.m.16 views

CVE-2022-36104 Denial of Service via Page Error Handling in TYPO3/cms

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...

5.9CVSS7.4AI score0.01312EPSS
Exploits0References5
CVE
CVE
added 2022/09/13 5:20 p.m.84 views

CVE-2022-36108

TYPO3 (CMS Core) has a cross-site scripting vulnerability in the f:asset.css view helper that occurs when user input is passed as variables to the CSS. Affected versions require upgrading to TYPO3 10.4.32 or 11.5.16 to fix the issue. Other details vary across sources, but remediation is clearly t...

6.5CVSS6.2AI score0.0072EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/13 5:20 p.m.30 views

CVE-2022-36108 Cross-Site Scripting in typo3/cms-core

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...

6.5CVSS6.6AI score0.0072EPSS
Exploits0References3
OSV
OSV
added 2022/09/13 5:20 p.m.18 views

CVE-2022-36108 Cross-Site Scripting in typo3/cms-core

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the...

6.5CVSS6AI score0.0072EPSS
Exploits0References5
Fedora
Fedora
added 2022/09/08 11:3 a.m.36 views

[SECURITY] Fedora 36 Update: exim-4.96-2.fc36

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

7.5CVSS1.5AI score0.02551EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2021/10/05 6:15 p.m.36 views

CVE-2021-41114

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...

5.3CVSS5.9AI score0.0116EPSS
Exploits0References4
CVE
CVE
added 2021/10/05 5:20 p.m.82 views

CVE-2021-41113

CVE-2021-41113 — TYPO3 Backend CSRF : TYPO3’s v11 feature for creating/sharing deep links in the backend UI is vulnerable to cross-site request forgery. An unauthenticated attacker could exploit a logged-in victim’s session to perform actions, potentially creating an admin user account and taking...

8.8CVSS8.1AI score0.00619EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/10/05 5:15 p.m.77 views

CVE-2021-41114

TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. The regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was not evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...

5.3CVSS4.9AI score0.0116EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2021/08/10 5:15 p.m.38 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1CVSS5.8AI score0.00727EPSS
Exploits0References3
CVE
CVE
added 2021/08/10 4:30 p.m.84 views

CVE-2021-32768

CVE-2021-32768 is a cross-site scripting vulnerability in TYPO3 where the frontend rendering of rich-text content can reflect malicious input due to HTMLparser not filtering all tag/attribute combinations by default. In typical scenarios, exploitation requires a valid backend user account, but if...

6.1CVSS6AI score0.00727EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2015:1518-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.4AI score0.33094EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2020/03/10 12:0 a.m.51 views

Fedora: Security Advisory for podman (FEDORA-2020-ccc3e64ea5)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.8AI score0.05071EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2019/03/26 12:0 a.m.384 views

SPIP CMS 2.x / 3.x Add Administrator / File Upload

Exploit Title : Spip CMS 2.x/3.x Add Administrator Account & Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Published Date : 26/03/2019 First Discovered Date : 2013 - 2014 Vendor Homepage : spip.net Software Download Links :...

7.5CVSS0.3AI score0.08982EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/02/27 12:0 a.m.58 views

Zentyal Server Development Edition 6.0 Cross Site Scripting

Exploit Title: Zentyal Server Development Edition 6.0 | Cross-Site Scripting Date: 27.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.zentyal.org Software Link: http://download.zentyal.com/zentyal-6.0-development-amd64.iso Version: 6.0 Introduction Zentyal Server formerly eBox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/01/31 12:0 a.m.1988 views

Joomla JComments 3.0.5 SQL Injection

Exploit Title : Joomla JComments Components 3.0.5 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/01/2019 Vendor Homepage : joomlatune.com Software Download Link : joomlatune.com/jcomments-downloads.html Software Information Link :...

0.6AI score
Exploits0
Rows per page
Query Builder