Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2020/11/23 9:18 p.m.41 views

Cleartext storage of session identifier

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Solution...

8.1CVSS1.6AI score0.00666EPSS
Exploits0References6Affected Software2
Typo3
Typo3
added 2016/07/07 12:0 a.m.492 views

Insecure Unserialize in extension "Page path" (pagepath)

It has been discovered that the extension "Page path" pagepath is susceptible to Insecure Unserialize. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.3 and below Vulnerability Type:...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/07/01 12:0 a.m.19 views

Information Disclosure possibility exploitable by Editors

It has been discovered, that editors could list all files and folders in the root directory of a TYPO3 installation. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Information Disclosure Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 ...

7AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/04/23 12:0 a.m.23 views

Debian DSA-2455-1 : typo3-src - missing input sanitization

Helmut Hummel of the TYPO3 security team discovered that TYPO3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this...

4.3CVSS5.5AI score0.01387EPSS
Exploits0References4
seebug.org
seebug.org
added 2012/01/05 12:0 a.m.28 views

Typo3 v4.5-4.7 - Remote Code Execution (RFI/LFI)

No description provided by source. Exploit Title: Typo3 v4.5-4.7 - Remote Code Execution RFI/LFI Date: 4th January 2012 Author: MaXe Software Link: https://typo3.org/download/ Version: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 + development releases of 4.7 branch Typo3 v4.5-4.7 - Remote Code Execution...

7.1AI score
Exploits0
Rows per page
Query Builder