Lucene search
+L
Typo3Most viewed

473 matches found

typo3
typo3
added 2011/06/14 12:0 a.m.21 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: Photogallery cegallery, SEO Photogallery by Evorion evgallery Release Date: June 14, 2011 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant...

7.5AI score
Exploits0Affected Software2
typo3
typo3
added 2008/11/10 12:0 a.m.21 views

TYPO3 Security Bulletin

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.0 and all versions below Vulnerability Type: Cross-Site...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2008/07/01 12:0 a.m.21 views

Multiple vulnerabilities in extension Send-A-Card (sr_sendcard)

It has been discovered that the extension Send-A-Card srsendcard is open to multiple security issues. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.2.2 and all versions below Vulnerability Type: Insufficient...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2006/12/05 12:0 a.m.21 views

thumbs.php

A problem has been discovered with thumbs.php providing access to unwanted files Component Type: TYPO3 Core Affected Versions: ALL Vulnerability Type: Image Access Severity: minor Problem Description: TYPO3 uses a script t3lib/thumbs.php to display thumbnails of images and/or PDF documents. It ha...

6.7AI score
Exploits0Affected Software1
typo3
typo3
added 2019/06/25 12:0 a.m.20 views

Information Disclosure in Backend User Interface

The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...

6.4AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.20 views

Information Disclosure in Page Tree

It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2019/01/22 12:0 a.m.20 views

Cross-Site Scripting in Form Framework

Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...

6.7AI score
Exploits0Affected Software1
typo3
typo3
added 2015/07/01 12:0 a.m.20 views

Information Disclosure possibility exploitable by Editors

It has been discovered, that editors could list all files and folders in the root directory of a TYPO3 installation. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Backend Vulnerability Type: Information Disclosure Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 ...

7AI score
Exploits0Affected Software1
typo3
typo3
added 2014/11/27 12:0 a.m.20 views

Improper Access Control in WebDav for filemounts (webdav)

It has been discovered that the extension "WebDav for filemounts" webdav is susceptible to Improper Access Control. Release Date: November 27, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.0 Vulnerability Type:...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2013/02/19 12:0 a.m.20 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: fed, myquizpoll, push2rss3ds, slideshare, wecdiscussion Release Date: February 19, 2013 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant...

7.8AI score
Exploits0Affected Software5
typo3
typo3
added 2013/02/19 12:0 a.m.20 views

Cross-Site Scripting vulnerability in extension Static Info Tables (static_info_tables)

It has been discovered that the extension "Static Info Tables" staticinfotables is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.3.0 and below Vulnerability Type: Cross-Site...

6.3AI score
Exploits0Affected Software1
typo3
typo3
added 2012/06/07 12:0 a.m.20 views

Cross-site scripting vulnerability in extension powermail for TYPO3 (powermail)

It has been discovered that the extension "powermail" powermail is vulnerable to cross-site scripting. Release Date: May 30, 2012 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.6.6 and below Vulnerability Type:...

6.1AI score
Exploits0Affected Software1
typo3
typo3
added 2012/02/23 12:0 a.m.20 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: tkcropthumbs, t3extplorer, tcbeuser, anpredigten, solr, pdfcontroller, cc20, jwplayer Release Date: February 23, 2012 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensio...

7.7AI score
Exploits0Affected Software8
typo3
typo3
added 2011/09/07 12:0 a.m.20 views

Several Vulnerabilities in extension MailformPlus (th_mailformplus)

Several vulnerabilities have been found in the following third-party TYPO3 extension: thmailformplus Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.0.15 and below Vulnerability Types: Cross-Site Scripting Severit...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2011/07/27 12:0 a.m.20 views

Multiple vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting XSS, Information Disclosure, Authentication Delay Bypass, Unserialize vulnerability, Missing Access Control. Component Type: TYPO3 Core Affected Versions: 4.3.11 and below, 4.4.8 and below, 4.5.3 and below Vulnerability...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2008/04/16 12:0 a.m.20 views

Vulnerabilities in extensions in pmk_rssnewsexport and scm_rdfexport

It has been discovered that the extensions pmkrssnewsexport and cmrdfexport are vulnerable to SQL Injection attacks. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions: pmkrssnewsexport: All versions, cmrdfexport: All version...

8.4AI score
Exploits0Affected Software2
typo3
typo3
added 2007/12/10 12:0 a.m.20 views

SQL Injection in system extension indexed_search

It has been discovered that the system extension indexedsearch is vulnerable to a SQL Injection flaw. Component Type: System extension, part of the TYPO3 default installation. Affected Versions: TYPO3 versions 3.x, 4.0 to 4.0.7, 4.1 to 4.1.3. Vulnerability Type: SQL Injection. Severity: Low...

7.5AI score
Exploits0Affected Software1
typo3
typo3
added 2005/11/07 12:0 a.m.20 views

th_mailformplus

A weakness in the form validation of thmailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...

7AI score
Exploits0Affected Software1
typo3
typo3
added 2019/12/17 12:0 a.m.19 views

Possible Insecure Deserialization in Extbase Request Handling

It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2019/10/15 12:0 a.m.19 views

Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)

The extension fails to sanitize user input which allows to execute arbitrary Extbase actions resulting in Remote Code Execution...

7.5CVSS9.5AI score0.02427EPSS
Exploits0Affected Software1
typo3
typo3
added 2015/09/30 12:0 a.m.19 views

Information Disclosure in extension "LDAP" (eu_ldap)

It has been discovered that the extension "LDAP" euldap is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.8.18 and below Vulnerability Type:...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2015/06/15 12:0 a.m.19 views

SQL Injection vulnerability in extension wt_directory (wt_directory)

It has been discovered that the extension "wtdirectory" wtdirectory is susceptible to SQL Injection Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.4.1 and below Vulnerability Type: SQL...

7.3AI score
Exploits0Affected Software1
typo3
typo3
added 2014/01/28 12:0 a.m.19 views

Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Request Forgery CSRF Overall Severity: Low Release Date: January 31, 2014 Affected Versions: All versions below 6.2 CVE: Will be requested. Probl...

7.3AI score
Exploits0Affected Software1
typo3
typo3
added 2012/08/15 12:0 a.m.19 views

Several Vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.18, 4.6.0 up to 4.6.11, 4.7.0 up to 4.7.3 and development releases of the 6....

7.4AI score
Exploits0Affected Software1
typo3
typo3
added 2011/08/29 12:0 a.m.19 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: MM DAM - FEFileList mmdamfilelist, Events julleevents, WEC Staff Directory wecstaffdirectory, TGM news tgmnews, TGM media tgmmedia, TGM calendar module tgmcal, DAM Lightbox damlightbox, Download system...

7.4AI score
Exploits0Affected Software12
typo3
typo3
added 2011/08/03 12:0 a.m.19 views

Multiple SQL Injection vulnerabilities in extension "Website Photo Gallery" (jm_gallery)

It has been discovered that the extension Website Photo Gallery jmgallery is vulnerable to SQL injection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.9.1 and below Vulnerability Type: SQL Injection Severity:...

7.8AI score
Exploits0Affected Software1
typo3
typo3
added 2009/10/20 12:0 a.m.19 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in the following third party TYPO3 extensions: Apache Solr Search solr, Random Images maagrandomimage, Flagbit Filebase fbfilebase, freeCap CAPTCHA srfreecap Release Date: Oktober 20, 2009 Please read first: This Collective Security Bulletin CSB is a listin...

7.4AI score
Exploits0Affected Software4
typo3
typo3
added 2009/03/05 12:0 a.m.19 views

Multiple vulnerabilities in TYPO3 third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: "Accessibility Glossary" a21glossary, "Calendar Base" cal, "Flat Manager" flatmgr Release Date: March 05, 2009 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with...

7AI score
Exploits0Affected Software3
typo3
typo3
added 2009/02/10 12:0 a.m.19 views

Information Disclosure & XSS in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Information Disclosure and Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 3.3.x, 3.5.x, 3.6.x, 3.7.x, 3.8.x, 4.0 to 4.0.11, 4.1.0 to 4.1.9, 4.2.0 to 4.2.5, 4.3alpha1 Vulnerability Types: Information...

7AI score
Exploits0Affected Software1
typo3
typo3
added 2008/11/13 12:0 a.m.19 views

Cross-Site Scripting vulnerability in TYPO3 Core

It has been discovered that the frontend plugin of system extension "felogin" is vulnerable to Cross-Site Scripting XSS. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 4.2.0, 4.2.1 and 4.2.2 Vulnerability Type: Cross Site Scripting Vulnerability: The frontend plugin of system...

6.7AI score
Exploits0Affected Software1
typo3
typo3
added 2008/05/27 12:0 a.m.19 views

SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)

It has been discovered that the extension "Library for Frontend plugins" sgzfelib is susceptible to SQL Injections. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.1.512 and below Vulnerability Type: SQL Injection...

7.1AI score
Exploits0Affected Software1
typo3
typo3
added 2005/11/14 12:0 a.m.19 views

TYPO3 Security Bulletin

In the past, a "Shift Reload" from the browser AKA a GET request with the "no-cache" pragma set cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks. Component Type: Core Affected Components: TYPO3 Page Cache Versions: TYPO3 3.8.0...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2020/07/07 12:0 a.m.18 views

Remote Code Execution in extension "Turn!" (turn)

The extensions fails to sanitize user input resulting in Remote Code Execution. The issue is only exploitable, when the attacker has FTP/SFTP access to the TYPO3 website...

6.5CVSS8.4AI score0.01924EPSS
Exploits0Affected Software1
typo3
typo3
added 2020/03/10 12:0 a.m.18 views

Remote Code Execution in extension "PHPUnit" (phpunit)

A PHP script located in “src/Util/PHP/eval-stdin.php” can be used to execute arbitrary PHP code in context of the webserver. The vulnerability is only exploitable if the vendor/ directory is publicly accessible...

7.6AI score
Exploits0Affected Software1
typo3
typo3
added 2019/05/07 12:0 a.m.18 views

Arbitrary file Upload in extension "Yet Another Gallery" (yag)

The extension contains the 3rd party component “Uploadify”, which includes a demo script for uploading files with the file extensions “jpg”, “jpeg”, “gif” and “png” to the server. Also, a demo script is present, which allows to check for the existence of a given filename...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2019/01/22 12:0 a.m.18 views

Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS'TYPO3CONFVARS''BE'‘fileDenyPattern’, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability...

7AI score
Exploits0Affected Software1
typo3
typo3
added 2019/01/22 12:0 a.m.18 views

Cross-Site Scripting in Language Pack Handling

Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting...

6.5AI score
Exploits0Affected Software1
typo3
typo3
added 2019/01/22 12:0 a.m.18 views

Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

6.8AI score
Exploits0Affected Software1
typo3
typo3
added 2016/04/12 12:0 a.m.18 views

Authentication Bypass in TYPO3 CMS

It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity:...

7.3AI score
Exploits0Affected Software1
typo3
typo3
added 2016/04/12 12:0 a.m.18 views

Arbitrary File Disclosure in Form Component

It has been discovered, that TYPO3 Form Component is susceptible to Arbitrary File Disclosure. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Form Vulnerability Type: Arbitrary File Disclosure Affected Versions: Versions 6.2.0 to 6.2.19 Severity: High Suggested CV...

7.2AI score
Exploits0Affected Software1
typo3
typo3
added 2016/03/03 12:0 a.m.18 views

Cross-Site Scripting in extension "Google Sitemap" (enter_new_weeaar_googlesitemap)

It has been discovered that the extension "Google Sitemap" enternewweeaargooglesitemap is susceptible to Cross-Site Scripting. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.0 and...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2015/07/01 12:0 a.m.18 views

Frontend login Session Fixation

It has been discovered that TYPO3 is susceptible to session fixation. Component Type: TYPO3 CMS Release Date: July 1, 2015 Vulnerable subcomponent: Frontend Logon Vulnerability Type: Session Fixation Affected Versions: Versions 6.2.0 to 6.2.13, 7.0.0 to 7.3.0 Severity: Low Suggested CVSS v2.0:...

6.3AI score
Exploits0Affected Software1
typo3
typo3
added 2011/10/18 12:0 a.m.18 views

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Cross-Site Scripting and Full Path Disclosure. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.11.5 and below Vulnerability Type:...

5.6AI score
Exploits0Affected Software1
typo3
typo3
added 2010/10/26 12:0 a.m.18 views

TYPO3 Security Bulletin

It has been discovered that the extension powermail powermail is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.4 and below Vulnerability Type: Cross-Site Scripting Severity:...

6.5AI score
Exploits0Affected Software1
typo3
typo3
added 2010/04/14 12:0 a.m.18 views

Vulnerabilitiy in extension Tip-A-Friend (tipafriend)

It has been discovered that the extension Tip-A-Friend tipafriend is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extensions is not part of the TYPO3 default installation. Affected Versions: 1.2.3 Vulnerability Type: Cross Site Scripting Severity:...

6.7AI score
Exploits0Affected Software1
typo3
typo3
added 2010/02/01 12:0 a.m.18 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Event Manager eventmanagement, Game Article DB gamearticledb, Simple career mlcareer, Surprise Calendar mlsurprisecalendar, Search Api Ajax Google searchajaxgoogle, Download Manager sprdownloadmanager Release...

7.4AI score
Exploits0Affected Software6
typo3
typo3
added 2009/12/15 12:0 a.m.18 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Car car, TYPO3 Watchdog abawatchdog, File list drblob, ListMan nllistman, XDS Staff List xdsstaff, Document Directorys danpdocumentdirs, Random Prayer Version 2 steprayer2, Diocese of Portsmouth Resources...

7.4AI score
Exploits0Affected Software19
typo3
typo3
added 2009/06/16 12:0 a.m.18 views

Cross-Site Scripting vulnerability in extension Modern Guestbook / Commenting System (ve_guestbook)

It has been discovered that the extension Modern Guestbook / Commenting system veguestbook is vulnerable to Cross-Site Scripting. Release Date: June 16, 2009 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.7.1 and...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2008/07/01 12:0 a.m.18 views

Cross Site Scripting vulnerability in extension phpmyadmin

It has been discovered that the extension phpmyadmin is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.0.1 and all versions below Vulnerability Type: Cross Site...

6.6AI score
Exploits0Affected Software1
typo3
typo3
added 2008/05/13 12:0 a.m.18 views

Cross Site Scripting vulnerability in extension Event Database (rlmp_eventdb)

It has been discovered that the extension Event Database rlmpeventdb is susceptible to Cross Site Scripting XSS attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.1.1 and below Vulnerability Type: Cross Site...

6.6AI score
Exploits0Affected Software1
Total number of security vulnerabilities473