EUVD-2007-6348

Malware in sbrugna...

TYPO3 'indexed_search' function cross-site scripting vulnerability

TYPO3 is a free and open source content management system. TYPO3's indexedsearch function suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or hijac...

TYPO3 indexed_search SQL Injection Vulnerability

TYPO3 is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescriptio...

Sql injection

SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2013-4634

Summary: TYPO3’s jQuery autocomplete for indexed_search (rzautocomplete) extension is vulnerable to SQL injection in all versions before 0.0.9, as described in CVE-2013-4634. Impact: Remote attackers could execute arbitrary SQL commands via unspecified vectors. Affected component: rzautocomplete ...

CVE-2013-4634

SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2009-0258

The Indexed Search Engine indexedsearch system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line index...

CVE-2009-0258

TYPO3 Indexed Search Engine (indexed_search) in TYPO3 versions 4.0.0–4.0.9, 4.1.0–4.1.7, and 4.2.0–4.2.3 is vulnerable to remote command execution via a crafted filename containing shell metacharacters. The issue arises because the command-line indexer does not properly handle such characters, al...

CVE-2009-0258

The Indexed Search Engine indexedsearch system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line index...

SQL Injection in system extension indexed_search

It has been discovered that the system extension indexedsearch is vulnerable to a SQL Injection flaw. Component Type: System extension, part of the TYPO3 default installation. Affected Versions: TYPO3 versions 3.x, 4.0 to 4.0.7, 4.1 to 4.1.3. Vulnerability Type: SQL Injection. Severity: Low...