473 matches found

Typo3
added 2018/08/09 12:0 a.m., 12 views

Captcha bypass in extension "Front End User Registration" (sr_feuser_register)

When the extension is used together with the TYPO3 Extension srfreecap, it is possible to bypass the captcha in the registration form...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2018/08/09 12:0 a.m., 103 views

Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)

The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable to the HTTPOXY attack. Read or for further details...

CVSS: 5.1, AI score: 3.5, EPSS: 0.50427
Exploits: 0, Affected Software: 1
Typo3
added 2018/07/12 12:0 a.m., 29 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files (formerly known as "PHP archives") can act as self-extracting archives, which means that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

AI score: 6.8
Exploits: 0, Affected Software: 1
Typo3
added 2018/07/12 12:0 a.m., 12 views

Privilege Escalation & SQL Injection in TYPO3 CMS

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework system extension "form" is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be...

AI score: 8.1
Exploits: 0, Affected Software: 1
Typo3
added 2018/07/12 12:0 a.m., 117 views

Authentication Bypass in TYPO3 CMS

It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing...

AI score: 6.8
Exploits: 0, Affected Software: 1
Typo3
added 2018/07/12 12:0 a.m., 21 views

Insecure Deserialization in TYPO3 CMS

It has been discovered that the Form Framework system extension "form" is vulnerable to Insecure Deserialization when being used with the additional PHP PECL package “yaml”, which is capable of unserializing YAML contents to PHP objects. A valid backend user account as well as having PHP setting...

AI score: 7
Exploits: 0, Affected Software: 1
Typo3
added 2017/12/19 12:0 a.m., 6 views

Cross Site-Scripting in extension "Caretaker" (caretaker)

Solution: An updated version 0.8.1 is available from the TYPO3 Extension Manager and at . Users of the extension are advised to update the extension as soon as possible...

AI score: 6.8
Exploits: 0, Affected Software: 1
Typo3
added 2017/09/05 12:0 a.m., 496 views

Information Disclosure in TYPO3 CMS

It has been discovered, that TYPO3 CMS is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:...

AI score: 7
Exploits: 0, Affected Software: 1
Typo3
added 2017/09/05 12:0 a.m., 499 views

Information Disclosure in TYPO3 CMS

It has been discovered, that TYPO3 CMS is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:...

AI score: 7
Exploits: 0, Affected Software: 1
Typo3
added 2017/09/05 12:0 a.m., 512 views

Arbitrary Code Execution in TYPO3 CMS

It has been discovered, that TYPO3 CMS is vulnerable to Arbitrary Code Execution. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Arbitrary Code Execution Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: None - High depending on web server configuratio...

AI score: 7.3
Exploits: 0, Affected Software: 1
Typo3
added 2017/09/05 12:0 a.m., 493 views

Cross-Site Scripting in TYPO3 CMS Backend

It has been discovered, that TYPO3 CMS is vulnerable to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Cross-Site Scripting Affected Versions: 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C CVE: not...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2017/07/11 12:0 a.m., 564 views

SQL Injection in extension "Faceted Search" (ke_search)

It has been discovered that the extension "Faceted Search" ke_search is susceptible to SQL Injection. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.4.1 and below Vulnerability Type: SQ...

AI score: 7.3
Exploits: 0, Affected Software: 1
Typo3
added 2017/07/11 12:0 a.m., 512 views

SQL Injection in extension "Content Rating Extbase" (content_rating_extbase)

It has been discovered that the extension "Content Rating Extbase" content_rating_extbase is susceptible to SQL Injection. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.3 and below...

AI score: 7.3
Exploits: 0, Affected Software: 1
Typo3
added 2017/07/11 12:0 a.m., 655 views

Remote Code Execution in extension "AH Sendmail" (ah_sendmail)

It has been discovered that the extension "AH Sendmail" ah_sendmail is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 and below Vulnerability...

CVSS: 7.5, AI score: 3.5, EPSS: 0.98038
Exploits: 19, Affected Software: 1
Typo3
added 2017/07/11 12:0 a.m., 671 views

Remote Code Execution in extension "PHPMailer" (bb_phpmailer)

It has been discovered that the extension "PHPMailer" bb_phpmailer is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.73.1 and below Vulnerability...

CVSS: 7.5, AI score: 3.6, EPSS: 0.98038
Exploits: 19, Affected Software: 1
Typo3
added 2017/07/11 12:0 a.m., 604 views

Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)

It has been discovered that the extension "Maag Sendmail" maag_sendmail is susceptible to Remote Code Execution. Release Date: July 11, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 and below Vulnerabili...

CVSS: 7.5, AI score: 3.4, EPSS: 0.98038
Exploits: 19, Affected Software: 1
Typo3
added 2017/04/10 12:0 a.m., 509 views

SQL Injection in extension "Event management and registration" (sf_event_mgt)

It has been discovered that the extension "Event management and registration" sf_event_mgt is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.8.0 and below...

AI score: 7.2
Exploits: 0, Affected Software: 1
Typo3
added 2017/04/10 12:0 a.m., 1556 views

SQL Injection in extension "News system" (news)

It has been discovered that the extension "News system" news is susceptible to SQL Injection. Release Date: April 10, 2017 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 5.3.2 and below Vulnerability Type: SQL...

AI score: 7.2
Exploits: 0, Affected Software: 1
Typo3
added 2017/02/28 12:0 a.m., 500 views

Cross-Site Scripting in TYPO3 CMS

It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: February 28, 2017 Vulnerability Type: Cross-Site Scripting Affected Versions: 7.6.0 to 7.6.15 and 8.0.0 to 8.6.0 Severity: Low Suggested CVSS v2.0:...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2017/02/28 12:0 a.m., 610 views

Authentication Bypass in TYPO3 Frontend

It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: February 28, 2017 Vulnerable subcomponent: Frontend Vulnerability Type: Authentication Bypass Affected Versions: Versions 8.2.0 to 8.6.0 Severity: Medium Suggested CVSS v2.0:...

AI score: 7.3
Exploits: 0, Affected Software: 1
Typo3
added 2017/01/03 12:0 a.m., 610 views

Remote Code Execution in third party library swiftmailer

It has been discovered, that the third party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution Component Type: TYPO3 CMS Release Date: January 3, 2017 Vulnerability Type: Remote Code Execution Affected Versions: 6.2.0 to 6.2.29, 7.6.0 to 7.6.14 and 8.0.0 to 8.5.0 Severity: Lo...

AI score: 9.7, EPSS: 0.41827
Exploits: 18, Affected Software: 1
Typo3
added 2016/11/22 12:0 a.m., 492 views

Insecure Unserialize in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: November 22, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.28, 7.6.0 to 7.6.12 and 8.0.0 to 8.4.0 Severity:...

AI score: 7
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/22 12:0 a.m., 506 views

Path Traversal in TYPO3 Core

It has been discovered, that TYPO3 is susceptible to Path Traversal. Component Type: TYPO3 CMS Release Date: November 22, 2016 Vulnerable subcomponent: Core Vulnerability Type: Path Traversal Affected Versions: Versions 6.2.0 to 6.2.28, 7.6.0 to 7.6.12 and 8.0.0 to 8.4.0 Severity: Low Suggested...

AI score: 7.1
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/14 12:0 a.m., 481 views

Unvalidated Redirect in extension "TC Directmail" (tcdirectmail)

It has been discovered that the extension "TC Directmail" tcdirectmail is susceptible to Unvalidated Redirect. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.1.2 and below...

AI score: 6.6
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/14 12:0 a.m., 483 views

Insecure Unserialize and SQL Injection in extension "Code Highlighter" (mh_code_highlighter)

It has been discovered that the extension "Code Highlighter" mh_code_highlighter is susceptible to Insecure Unserialize and SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: versio...

AI score: 7.4
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/14 12:0 a.m., 486 views

SQL Injection in extension "Member Infosheets" (if_membersheet)

It has been discovered that the extension "Member Infosheets" if_membersheet is susceptible to SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.1.2 and below...

AI score: 7.3
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/14 12:0 a.m., 481 views

SQL Injection in extension "Shibboleth Authentication" (shibboleth_auth)

It has been discovered that the extension "Shibboleth Authentication" shibboleth_auth is susceptible to SQL Injection. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.6.3 and below...

AI score: 7.3
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/14 12:0 a.m., 480 views

Cross-Site Scripting in extension "Store Locator" (locator)

It has been discovered that the extension "Store Locator" locator is susceptible to Cross-Site Scripting. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.3.6 and below Vulnerability...

AI score: 6.6
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/14 12:0 a.m., 487 views

Cross Site-Scripting in extension "Secure Download Form" (rs_securedownload)

It has been discovered that the extension "Secure Download Form" rs_securedownload is susceptible to Cross Site-Scripting. Release Date: November 14, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.3.2 and bel...

AI score: 6.7
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/11 12:0 a.m., 486 views

Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)

It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...

AI score: 6.3
Exploits: 0, Affected Software: 1
Typo3
added 2016/11/11 12:0 a.m., 490 views

Multiple vulnerabilities in extension "TC Directmail " (tcdirectmail)

It has been discovered that the extension "TC Directmail " tcdirectmail is susceptible to Cross Site-Scripting and SQL Injection. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 3.1.1...

AI score: 7.7
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/29 12:0 a.m., 485 views

SQL Injection in extension "Events" (jp_events)

It has been discovered that the extension "Events" jp_events is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.0.2 and below Vulnerability Type: SQL...

AI score: 7.2
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/29 12:0 a.m., 498 views

SQL Injection in extension "GN Tactics Planner" (sf_gntactics)

It has been discovered that the extension "GN Tactics Planner" sf_gntactics is susceptible to SQL Injection. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.2.8 and below...

AI score: 7.2
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/29 12:0 a.m., 509 views

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" phpmyadmin has multiple vulnerabilities. Release Date: September 29, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 5.1.6 and below Vulnerability Type: Multiple...

AI score: 7.1
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/13 12:0 a.m., 481 views

Cross-Site Scripting in TYPO3 Backend

It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: September 13, 2016 Vulnerability Type: Cross-Site Scripting Affected Versions: 6.2.0 to 6.2.26, 7.6.0 to 7.6.10 and 8.0.0 to 8.3.0 Severity: Low Suggested CVSS v2.0:...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/13 12:0 a.m., 539 views

Cache Flooding in TYPO3 Frontend

It has been discovered, that TYPO3 is vulnerable to Cache Flooding Component Type: TYPO3 CMS Release Date: September 13, 2016 Vulnerability Type: Cache Flooding Affected Versions: 6.2.0 to 6.2.26, 7.6.0 to 7.6.10 and 8.0.0 to 8.3.0 Severity: Low Suggested CVSS v2.0:...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/12 12:0 a.m., 497 views

Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)

Release Date: September 12, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.8 and below Vulnerability Type: Arbitrary Code Execution Severity: High Suggested CVSS v2.0:...

AI score: 7.4
Exploits: 0, Affected Software: 1
Typo3
added 2016/09/08 12:0 a.m., 484 views

Denial of Service in extension "Speaking URLs for TYPO3" (realurl)

It has been discovered that the extension "Speaking URLs for TYPO3" realurl is susceptible to Denial of Service. Release Date: September 8, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.0.0 to 2.0.14...

AI score: 6.8
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 485 views

Cross-Site Scripting in third party library mso/idna-convert

It has been discovered, that TYPO3 ships example code of mso/idna-convert library that is vulnerable to Cross-Site Scripting Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Cross-Site Scripting Affected Versions: 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Low Suggested...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 597 views

SQL Injection in TYPO3 Frontend Login

It has been discovered, that TYPO3 is susceptible to SQL Injection. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Frontend Login Vulnerability Type: SQL Injection Affected Versions: Versions 6.2.0 to 6.2.25 and 7.6.0 to 7.6.9 Severity: Medium Suggested CVSS v2.0:...

AI score: 7.6
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 483 views

Cross-Site Scripting vulnerability in typolinks

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Low Suggested CVSS v2.0:...

AI score: 6.6
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 498 views

Cross-Site Scripting in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: Mediu...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 632 views

Environment Variable Injection

It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Environment Variable Injection Affected Versions: Versions 8.0.0 to...

CVSS: 5.1, AI score: 0.6, EPSS: 0.50427
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 490 views

Insecure Unserialize in TYPO3 Import/Export

It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...

AI score: 6.9
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/19 12:0 a.m., 475 views

Information Disclosure in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Information Disclosure. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Information Disclosure Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity: L...

AI score: 7
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/07 12:0 a.m., 492 views

Insecure Unserialize in extension "Page path" (pagepath)

It has been discovered that the extension "Page path" pagepath is susceptible to Insecure Unserialize. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.3 and below Vulnerability Type:...

AI score: 6.7
Exploits: 0, Affected Software: 1
Typo3
added 2016/07/07 12:0 a.m., 489 views

Cross-Site Scripting in extension "CCDebug" (cc_debug)

It has been discovered that the extension "CCDebug" cc_debug is susceptible to Cross-Site Scripting. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.0 and below Vulnerability Type:...

AI score: 6.6
Exploits: 0, Affected Software: 1
Typo3
added 2016/06/15 12:0 a.m., 498 views

Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package)

It has been discovered that the extension "Bootstrap Package" bootstrap_package is susceptible to Cross-Site Scripting. Release Date: June 15, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.15 and below...

AI score: 6.6
Exploits: 0, Affected Software: 1
Typo3
added 2016/05/31 12:0 a.m., 503 views

Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)

It has been discovered that the extension "Static Methods since 2007" div2007 is susceptible to Cross-Site Scripting. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.6.8 and below...

AI score: 6.5
Exploits: 0, Affected Software: 1
Typo3
added 2016/05/31 12:0 a.m., 487 views

Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)

It has been discovered that the extension "MMC directmail subscription" mmc_directmail_subscription is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 0.9.6 an...

AI score: 6.7
Exploits: 0, Affected Software: 1
Total number of security vulnerabilities: 473