Lucene search
+L
Typo3Most viewed

473 matches found

Typo3
Typo3
added 2015/01/16 12:0 a.m.11 views

Information Disclosure in Direct Mail Subscription (direct_mail_subscription)

It has been discovered that the extension "Direct Mail Subscription" directmailsubscription is susceptible to Information Disclosure. Release Date: January 16, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.1...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2013/08/05 12:0 a.m.11 views

Cross-Site Scripting vulnerability in extension Front End User Registration (sr_feuser_register)

It has been discovered that the extension "Front End User Registration" srfeuserregister is vulnerable to Cross-Site Scripting. Release Date: August 05, 2013 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Version: 3.0.1 and alll...

6.1AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/12/22 12:0 a.m.11 views

TYPO3 Security Bulletin

It has been discovered that the extension WEC Discussion Forum wecdiscussion is vulnerable to Cross-Site Scripting XSS and SQL injection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.7.0 and all versions below...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2007/07/09 12:0 a.m.11 views

Incorrect authentication

It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.1.2 and all versions below...

7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2006/09/11 12:0 a.m.11 views

Cross-Site Scripting vulnerability in Indexed Search

A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting XSS Component Type: System Extension This Extension is Part of the TYPO3 default installation Affected Components: Indexed Search Versions: 2.9.0 under TYPO3 4.x Vulnerability Type: Cross Site Scripting...

6.4AI score
Exploits0Affected Software1
Typo3
Typo3
added 2005/11/14 12:0 a.m.11 views

TYPO3 Security Bulletin

Under special circumstances, setting config.baseURL see typo3.org/documentation/document-library/doccoretsref/quotCONFIGquot/ to a numeric value "1" could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration. Component...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2020/05/12 12:0 a.m.10 views

Broken Access Control in extension "gForum" (g_forum)

The extension fails to check access rights of authenticated frontend users allowing to create, edit and delete various records of the extension without proper permission...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2018/08/09 12:0 a.m.10 views

Information Disclosure in extension "TemplaVoilà! Plus" (templavoilaplus)

Due to a missing access check it is possible to view the contents any file within a TYPO3 installation. A valid backend user account having access to the "TemplaVoilà! Plus" backend module is needed in order to exploit this vulnerability...

6.7AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/12/15 12:0 a.m.10 views

TYPO3 is susceptible to Cross-Site Flashing

It has been discovered, that TYPO3 is susceptible to Cross-Site Flashing Component Type: TYPO3 CMS Release Date: December 15, 2015 Vulnerable subcomponent: Flvplayer Vulnerability Type: Affected Versions: Versions 6.2.0 to 6.2.15 Severity: Medium Suggested CVSS v2.0:...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/06/15 12:0 a.m.10 views

SQL Injection vulnerability in extension Developer Log (devlog)

It has been discovered that the extension "Developer Log" devlog is susceptible to SQL Injection Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.11.3 and below Vulnerability Type: SQL...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/06/15 12:0 a.m.10 views

SQL Injection vulnerability in extension Store Locator (locator)

It has been discovered that the extension "Store Locator" locator is susceptible to SQL Injection Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.3.0 and below Vulnerability Type: SQL...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2014/09/26 12:0 a.m.10 views

Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin is susceptible to Cross-Site Scripting and Cross-Site Request Forgery. Release Date: September 26, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: versi...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2010/08/13 12:0 a.m.10 views

TYPO3 Security Bulletin

It has been discovered that the extension mmforum mmforum is vulnerable to Information Disclosure. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.9.0 and all versions below Vulnerability Type: Information...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/11/10 12:0 a.m.10 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in the following third party TYPO3 extensions: "advcalendar" advCalendar, "CMS Poll system" cmspoll, "eLuna Page Comments" elunapagecomments, "Wir ber uns" sic fsmipeople, "Dictionary" rtgdictionary Please read first: This Collective Security Bulletin CSB i...

8AI score
Exploits0Affected Software5
Typo3
Typo3
added 2019/12/17 12:0 a.m.9 views

Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

Failing to properly check access rights, the extension is susceptible to privilege escalation, making it possible for a logged in frontend user to modify other frontend user records...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/05/07 12:0 a.m.9 views

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Multiple vulnerabilities have been found in the phpMyAdmin component...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
added 2019/01/22 12:0 a.m.9 views

Multiple vulnerabilities in extension "typo3_forum" (typo3_forum)

The extension fails to property check User Access Rights to posts which makes it possible for registered forum users to modify and take over posts of foreign users. The extension also creates an upload directory with 777 permissions...

6.9AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/06/15 12:0 a.m.9 views

Cross-Site Scripting in extension BE User Log (beko_beuserlog)

It has been discovered that the extension "BE User Log" bekobeuserlog is susceptible to Cross-Site Scripting Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.1.1 and below Vulnerability...

6.6AI score
Exploits0Affected Software1
Typo3
Typo3
added 2015/06/15 12:0 a.m.9 views

SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek)

It has been discovered that the extension "Smoelenboek" ncgovsmoelenboek is susceptible to SQL Injection Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.8 and below Vulnerability Type...

7.3AI score
Exploits0Affected Software1
Typo3
Typo3
added 2013/06/03 12:0 a.m.9 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: accessibleisbrowseresults, maagformcaptcha, metafeedit, rzautocomplete, sbfolderdownload, sgzfelib, sgzlib, tqseo Release Date: June 03, 2013 Please read first: This Collective Security Bulletin CSB is a listin...

7.5AI score
Exploits0Affected Software8
Typo3
Typo3
added 2010/03/16 12:0 a.m.9 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Brainstorming brainstorming, Power Extension Manager chlightem, Sellector.com Widget Integration chsellector, Educator educator, MK Wastebasket mkwastebasket, myDashboard mydashboard, CleanDB nfcleandb, Diocese...

8.1AI score
Exploits0Affected Software21
Typo3
Typo3
added 2017/12/19 12:0 a.m.8 views

Cross Site-Scripting in extension "Caretaker" (caretaker)

Solution: An updated version 0.8.1 is available from the TYPO3 Extension Manager and at . Users of the extension are advised to update the extension as soon as possible...

6.8AI score
Exploits0Affected Software1
Typo3
Typo3
added 2008/05/13 12:0 a.m.8 views

Multiple vulnerabilities in extension Statistics (ke_stats)

It has been discovered that the extension Statistics kestats is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and...

7.4AI score
Exploits0Affected Software1
Total number of security vulnerabilities473