Lucene search

K

TYPO3 Core Security Vulnerabilities

cve
cve

CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.5AI Score

0.002EPSS

2013-12-23 11:55 PM
33
cve
cve

CVE-2013-7081

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified...

6.3AI Score

0.002EPSS

2013-12-23 11:55 PM
31
cve
cve

CVE-2013-7079

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.5AI Score

0.003EPSS

2013-12-23 11:55 PM
31
cve
cve

CVE-2013-7073

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified...

6.2AI Score

0.002EPSS

2013-12-23 11:55 PM
33
cve
cve

CVE-2013-7080

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

6.7AI Score

0.002EPSS

2013-12-23 11:55 PM
35
cve
cve

CVE-2013-7077

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.7AI Score

0.003EPSS

2013-12-21 12:55 AM
21
cve
cve

CVE-2013-7074

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.2AI Score

0.001EPSS

2013-12-21 12:55 AM
34
cve
cve

CVE-2013-7076

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.6AI Score

0.003EPSS

2013-12-21 12:55 AM
37
cve
cve

CVE-2012-6144

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified...

7.9AI Score

0.001EPSS

2013-07-01 09:55 PM
24
cve
cve

CVE-2012-6148

Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified...

5.3AI Score

0.001EPSS

2013-07-01 09:55 PM
16
cve
cve

CVE-2012-6145

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified...

5.2AI Score

0.001EPSS

2013-07-01 09:55 PM
27
cve
cve

CVE-2012-6147

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified...

5.2AI Score

0.001EPSS

2013-07-01 09:55 PM
25
cve
cve

CVE-2013-1843

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

6.5AI Score

0.005EPSS

2013-03-20 03:55 PM
34
cve
cve

CVE-2013-1842

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation...

8.3AI Score

0.004EPSS

2013-03-20 03:55 PM
33
cve
cve

CVE-2012-3530

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript...

5.5AI Score

0.003EPSS

2012-09-05 11:55 PM
37
cve
cve

CVE-2012-3529

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified...

6AI Score

0.002EPSS

2012-09-05 11:55 PM
30
cve
cve

CVE-2012-3531

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.6AI Score

0.002EPSS

2012-09-05 11:55 PM
31
cve
cve

CVE-2012-3528

Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified...

5.2AI Score

0.001EPSS

2012-09-05 11:55 PM
29
cve
cve

CVE-2012-2112

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception...

5.5AI Score

0.003EPSS

2012-08-27 09:55 PM
30
cve
cve

CVE-2010-5099

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as...

6.7AI Score

0.085EPSS

2012-05-30 08:55 PM
28
cve
cve

CVE-2010-5102

Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified...

6.9AI Score

0.008EPSS

2012-05-21 08:55 PM
18
cve
cve

CVE-2010-5103

SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified...

8.1AI Score

0.002EPSS

2012-05-21 08:55 PM
21
cve
cve

CVE-2010-5104

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE...

6.1AI Score

0.007EPSS

2012-05-21 08:55 PM
30
cve
cve

CVE-2010-5098

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.2AI Score

0.001EPSS

2012-05-21 08:55 PM
21
cve
cve

CVE-2010-5100

Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

5.3AI Score

0.001EPSS

2012-05-21 08:55 PM
27
cve
cve

CVE-2010-5097

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.7AI Score

0.003EPSS

2012-05-21 08:55 PM
24
cve
cve

CVE-2010-5101

Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion...

6.3AI Score

0.002EPSS

2012-05-21 08:55 PM
21
cve
cve

CVE-2008-2717

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple....

6.7AI Score

0.003EPSS

2008-06-16 10:41 PM
32
Total number of security vulnerabilities128