21 matches found
Authentication Bypass and Blind LDAP Injection in extension eu_ldap
It has been discovered that the extension euladap is vulnerable to Authentication Bypass and Blind LDAP Injection Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.8.10 and all versions below Vulnerability Type:...
Remote File Disclosure and Cross-Site Scripting vulnerability in extensions pmkshadowbox and pmkslimbox
It has been discovered that the extensions pmkshadowbox and pmkslimbox are vulnerable to Remote File Disclosure and Cross-Site Scripting. Release Date: Oktober 20, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Extension: pmkshadowbox...
Several Vulnerabilities in extension SmoothGallery for TYPO3 (rgsmoothgallery)
Several vulnerabilities have been found in the following third-party TYPO3 extension: rgsmoothgallery Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.1 and below Vulnerability Types: Cross-Site Scripting,...
Several Vulnerabilities in extension Direct Mail Subscription (direct_mail_subscription)
Several vulnerabilities have been found in the following third-party TYPO3 extension: directmailsubscription Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.0 and below Vulnerability Types: SQL Injection,...
Cross Site Scripting Vulnerability in extension Questionaire (pbsurvey)
It has been discovered that the extension "Questionaire" pbsurvey is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.3.0 and below Vulnerability Types: Cross-Site Scripting...
Several Vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension Formhandler formhandler is vulnerable to SQL-Injection and Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.14 and below Vulnerability Types: SQL...
Cross-Site Scripting and Open Redirection vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Open Redirection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.10.3 and below Vulnerability Type:...
TYPO3 Security Bulletin
It has been discovered that the extension powermail powermail is vulnerable to Cross-Site Scripting, SQL Injection and Validation Bypass Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.3 and below Vulnerability...
Cross-Site Scripting vulnerability in extension Modern Guestbook / Commenting System (ve_guestbook)
It has been discovered that the extension Modern Guestbook / Commenting system veguestbook is vulnerable to Cross-Site Scripting. Release Date: June 16, 2009 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.7.1 and...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to SQL injections via XSRF. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.1 and all versions below Vulnerability Type: SQL injectio...
SQL Injection in extension Commerce (commerce)
It has been discovered that the extension Commerce commerce is vulnerable to SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.9.6 and below. Vulnerability Type: SQL Injection Severity: HIGH...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.3.0 and all versions below Vulnerability Type: Cross-Site...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Code Execution. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.2.0 and all versions below Vulnerability Type: Code execution...
Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration srfeuserregister is susceptible to Cross Site Scripting XSS attacks and allows Remote Command Execution. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions:...
Multiple vulnerabilities in extension Statistics (ke_stats)
It has been discovered that the extension Statistics kestats is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and...
SQL Injection in system extension indexed_search
It has been discovered that the system extension indexedsearch is vulnerable to a SQL Injection flaw. Component Type: System extension, part of the TYPO3 default installation. Affected Versions: TYPO3 versions 3.x, 4.0 to 4.0.7, 4.1 to 4.1.3. Vulnerability Type: SQL Injection. Severity: Low...
Multiple vulnerabilities in civserv
Multiple vulnerabilities has been found in the extension civserv: Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected...
Incorrect authentication
It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.1.2 and all versions below...
Information disclosure in w4x_backup
It has been discovered that the extension w4xbackup has several security related issues, which may disclosure confidential information. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.9.1 and all versions below...
SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macinabanners and its descendant ricrotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation Affecte...