Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" a21glossaryadvancedoutput, "ClickStream Analyzer output" alternetcsaout, "Directory Listing" dirlisting, "Store Locator" locator, "Userdata Create/Edit" sguserdata, "Versatile...
Multiple vulnerabilities in TYPO3 third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Accessibility Glossary" a21glossary, "Calendar Base" cal, "Flat Manager" flatmgr Release Date: March 05, 2009 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with...
Information Disclosure & XSS in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Information Disclosure and Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 3.3.x, 3.5.x, 3.6.x, 3.7.x, 3.8.x, 4.0 to 4.0.11, 4.1.0 to 4.1.9, 4.2.0 to 4.2.5, 4.3alpha1 Vulnerability Types: Information...
XSS and SQL injection vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to XSS and SQL injections. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.3.0 and all versions below Vulnerability Type: Cross-Site...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and Remote Command Execution. Component Type: TYPO3 Core Affected Versions: TYPO3 versions 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 to 4.2.3 Vulnerability...
TYPO3 Security Bulletin
It has been discovered that the extension DR Wiki - Typo3 Wiki extension drwiki is vulnerable to Cross-Site Scripting XSS. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.7.1 and all versions below Vulnerability...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to SQL injections via XSRF. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.1 and all versions below Vulnerability Type: SQL injectio...
TYPO3 Security Bulletin
It has been discovered that the extension WEC Discussion Forum (wec_discussion) is vulnerable to Cross-Site Scripting (XSS) and SQL injection. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.7.0 and all versions below...
TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Vox populi" mvvoxpopuli, "SB Universal Plugin" SBuniplug, "Simple File Browser" simplefilebrowser, "TU-Clausthal ODIN" tucodin, "TU-Clausthal Staff" tucstaff, "WEBERkommunal Facilities" wesfacilities Please re...
Cross-Site Scripting vulnerability in TYPO3 Core
It has been discovered that the backend module "file" is vulnerable to Cross-Site Scripting (XSS). Component Type: TYPO3 Core Affected Version: TYPO3 version 4.2.2 Vulnerability Type: Cross Site Scripting Vulnerability: Backend module "file" is susceptible to Cross-Site Scripting. Severity: Low...
Cross-Site Scripting vulnerability in TYPO3 Core
It has been discovered that the frontend plugin of system extension "felogin" is vulnerable to Cross-Site Scripting (XSS). Component Type: TYPO3 Core Affected Versions: TYPO3 versions 4.2.0, 4.2.1 and 4.2.2 Vulnerability Type: Cross Site Scripting Vulnerability: The frontend plugin of system...
TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: "advcalendar" advCalendar, "CMS Poll system" cmspoll, "eLuna Page Comments" elunapagecomments, "Wir ber uns" sic fsmipeople, "Dictionary" rtgdictionary Please read first: This Collective Security Bulletin CSB i...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.0 and all versions below Vulnerability Type: Cross-Site...
TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: JobControl dmmjobcontrol, Econda Plugin econda, Frontend Users View feusersview, Mannschaftsliste kiddogplayerlist, M1 Intern m1intern, Simple survey simplesurvey, Page Improvements smpageimprovements Please re...
SQL Injection in extension Commerce (commerce)
It has been discovered that the extension Commerce (commerce) is vulnerable to SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.9.6 and below. Vulnerability Type: SQL Injection Severity: HIGH...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.3.0 and all versions below Vulnerability Type: Cross-Site...
TYPO3 Security Bulletin
It has been discovered that the extension freeCap CAPTCHA srfreecap is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.0.3 and all versions below Vulnerability Type: Cross-Site...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers, nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Code Execution. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.2.0 and all versions below Vulnerability Type: Code execution...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
Multiple vulnerabilities in extension Send-A-Card (sr_sendcard)
It has been discovered that the extension Send-A-Card (sr_sendcard) is open to multiple security issues. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.2.2 and all versions below Vulnerability Type: Insufficient...
Multiple vulnerabilities in extension WEC Discussion Forum (wec_discussion)
It has been discovered that the extension WEC Discussion Forum (wec_discussion) is open to multiple security issues. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.6.2 and all versions below Vulnerability Type:...
Cross Site Scripting vulnerability in extension phpmyadmin
It has been discovered that the extension phpmyadmin is susceptible to Cross Site Scripting (XSS) attacks. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.0.1 and all versions below Vulnerability Type: Cross Site...
TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions. Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting (XSS). Component Type: TYPO3 Core Affected Versions: TYPO3 versions 3.x, 4.0 ...
SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)
It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.1.512 and below Vulnerability Type: SQL Injection...
Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)
It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.4.2 and below, possibly also all...
Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)
It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions: Version...
Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Command Execution. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions:...
Multiple vulnerabilities in extension WT Gallery (wt_gallery)
It has been discovered that the extension wt_gallery is susceptible to Path Traversal and Cross Site Scripting (XSS) attacks. Besides that, it may disclose sensitive information. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions:...
Cross Site Scripting vulnerability in extension Event Database (rlmp_eventdb)
It has been discovered that the extension Event Database (rlmp_eventdb) is susceptible to Cross Site Scripting (XSS) attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.1.1 and below Vulnerability Type: Cross Site...
Multiple vulnerabilities in extension Statistics (ke_stats)
It has been discovered that the extension Statistics (ke_stats) is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and...
Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)
It has been discovered that the extension Questionaire (pbsurvey) is susceptible to Cross Site Scripting (XSS) attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.2.0 and below Vulnerability Type: Cross Site...
Cross Site Scripting vulnerability in extension powermail
It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.1.9 and all versions below Vulnerability Type: Cross Site...
Multiple vulnerabilities in extension MailformPlus (th_mailformplus)
It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 4.0.3 and belo...
Vulnerabilities in extensions in pmk_rssnewsexport and scm_rdfexport
It has been discovered that the extensions pmk_rssnewsexport and cmrdfexport are vulnerable to SQL Injection attacks. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affected Versions: pmk_rssnewsexport: All versions, cmrdfexport: All version...
Multiple vulnerabilities in extension de_phpot
It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: All versions Vulnerability Type: SQL Injectio...
SQL Injection in system extension indexed_search
It has been discovered that the system extension indexed_search is vulnerable to a SQL Injection flaw. Component Type: System extension, part of the TYPO3 default installation. Affected Versions: TYPO3 versions 3.x, 4.0 to 4.0.7, 4.1 to 4.1.3. Vulnerability Type: SQL Injection. Severity: Low...
Multiple vulnerabilities in extension ve_guestbook
It has been discovered that the extension ve_guestbook is vulnerable to SQL Injection attacks. Also, a Cross Site Scripting issue has been detected. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 1.9.3 and below...
Remote shell command execution in extensions embedding PHPMailer
Multiple TYPO3 extensions are affected by the third party tool PHPMailer, which is vulnerable to remote shell command execution. Component Type: Third party tool. This tool is not part of the TYPO3 default installation. Affected extensions: agprjmgm version 0.0.1 bbphpmailer version 1.73.1 and a...
Cross Site Scripting vulnerability in faq
It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary JavaScript. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.0.7 and all versio...
Information Disclosure from phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo information in special cases. The standalone version of phpmyadmin is not affected. Component Type: Third party extension. This extension is not part of the TYPO3 default...
Multiple vulnerabilities in civserv
Multiple vulnerabilities have been found in the extension civserv: incorrect handling of input from GET/POST variables allows an attacker to execute XSS and/or SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected...
SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open to SQL injection when updating the password. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 2.1.2 and all versions below Vulnerability Type: SQL...
Incorrect authentication
It has been discovered that the extension ftpbrowser performs incorrect authentication in some files, leaving it open to exploitation. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.1.2 and all versions below...
Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other related issues. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: a TYPO3 extension...
Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security-related issues, which may disclose confidential information. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected Versions: Version 0.9.1 and all versions below...
SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation Affecte...
Email header injection
A problem has been discovered where the internal form engine can be used to send arbitrary mail headers, allowing it to be used for purposes it was not meant for. Component Type: TYPO3 Core Affected Versions: TYPO3 4.x below 4.0.5, 4.1beta, 4.1RC1, TYPO3 Versions 3.x Vulnerability Type: Email header...
Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities. Component Type: Third party extension. This extension is not part of the TYPO3 default installation. Affected Versions: Version 0.1.2 and all...