Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27892
HistoryApr 09, 2012 - 12:00 a.m.

[SECURITY] [DSA 2445-1] typo3-src security update

2012-04-0900:00:00
vulners.com
17
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2445-1 [email protected]
http://www.debian.org/security/ Florian Weimer
March 31, 2012 http://www.debian.org/security/faq

Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-1606 CVE-2012-1607 CVE-2012-1608

Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework:

CVE-2012-1606
Failing to properly HTML-encode user input in several places,
the TYPO3 backend is susceptible to Cross-Site Scripting. A
valid backend user is required to exploit these
vulnerabilities.

CVE-2012-1607
Accessing a CLI Script directly with a browser may disclose
the database name used for the TYPO3 installation.

CVE-2012-1608
By not removing non printable characters, the API method
t3lib_div::RemoveXSS() fails to filter specially crafted HTML
injections, thus is susceptible to Cross-Site Scripting.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze3.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 4.5.14+dfsg1-1.

We recommend that you upgrade your typo3-src packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJPduYCAAoJEL97/wQC1SS+pQ4H/i/60HkUmm3wyur55Xvn6kCo
3A/idLzJTfSYvoE5V6KPxM5A23IGIermN9qiNO5nHHcRtRJkbFafZHtcoQZwBm1Z
Ryjx+gSt8s7C3WJKEDy76tHgcdhtSL9l3VMdTAMBv6ZVT1ts5WKUnoHFCu10yLQh
/EcuNctElQz6chub6yrTIgOViLwY+RTLYY9SlhE3rt6j2mpGyBZn2IK+QCIbpGBN
UCT0O7w1i4Jn5gYoxQuArM0+fy+ej/1r91O50DiCnXbp11xQxFHcK28QxVIQhYDi
B09MrGZdjxvLY+G3l0D4A1z+83bySa8R+qSHsMy8Q6m46ipk0LyOpjB17RdqnbI=
=dWxS
-----END PGP SIGNATURE-----

Related

debian 1
openvas 3
osv 3
nessus 1
typo3 1
prion 3
ubuntucve 3
github 2
cve 3
securityvulns 1
debian
debian
[SECURITY] [DSA 2445-1] typo3-src security update
2012-03-31 11:12:27
openvas
openvas
Debian Security Advisory DSA 2445-1 (typo3-src)
2012-04-30 00:00:00
TYPO3 Multiple Vulnerabilities (Mar 2012)
2014-01-02 00:00:00
Debian: Security Advisory (DSA-2445-1)
2012-04-30 00:00:00
osv
osv
typo3-src - several
2012-03-31 00:00:00
Typo3 API XSS Vulnerabilities
2022-05-17 05:23:54
Typo3 Backend XSS Vulnerabilities
2022-05-17 05:23:54
nessus
nessus
Debian DSA-2445-1 : typo3-src - several vulnerabilities
2012-04-02 00:00:00
typo3
typo3
Several Vulnerabilities in TYPO3 Core
2012-03-28 00:00:00
prion
prion
Server side request forgery (ssrf)
2012-09-04 20:55:00
Cross site scripting
2012-09-04 20:55:00
Cross site scripting
2012-09-04 20:55:00
ubuntucve
ubuntucve
CVE-2012-1607
2012-09-04 00:00:00
CVE-2012-1606
2012-09-04 00:00:00
CVE-2012-1608
2012-09-04 00:00:00
github
github
Typo3 Backend XSS Vulnerabilities
2022-05-17 05:23:54
Typo3 API XSS Vulnerabilities
2022-05-17 05:23:54
cve
cve
CVE-2012-1608
2012-09-04 20:55:00
CVE-2012-1607
2012-09-04 20:55:00
CVE-2012-1606
2012-09-04 20:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-04-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:27892
debian1openvas3osv3nessus1typo31prion3ubuntucve3github2cve3securityvulns1