65 matches found
CVE-2010-0329
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."...
EUVD-2010-3600
Malware in sbrugna...
EUVD-2014-3881
Malware in sbrugna...
EUVD-2008-2179
Malware in sbrugna...
EUVD-2012-5763
Malware in sbrugna...
EUVD-2010-3671
Malware in sbrugna...
EUVD-2010-0360
Malware in sbrugna...
EUVD-2010-4856
Malware in sbrugna...
EUVD-2024-2850
Malicious code in bioql PyPI...
EUVD-2025-22306
Malicious code in bioql PyPI...
CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
CVE-2025-7899
CVE-2025-7899 concerns the powermail extension for TYPO3, where an Insecure Direct Object Reference (IDOR) could allow downloading arbitrary files from the webserver. Affected versions are powermail 12.0.0 through 12.5.2 and 13.0.0. The underlying issue is an IDOR vulnerability in the module that...
CVE-2025-7899 Insecure Direct Object Reference in extension "powermail" (powermail)
The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0...
CVE-2024-45233
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...
CVE-2024-45232
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference IDOR. An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...
CVE-2010-3604
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-3605
Cross-site scripting XSS vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-4892
Cross-site scripting XSS vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2024-47047
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference IDOR in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms...