Filtered by vendor Typo3
Subscribe
Total
513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6145 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | |||||
| CVE-2008-6630 | 1 Typo3 | 2 Typo3, Wt Gallery | 2025-04-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors. | |||||
| CVE-2008-3044 | 1 Typo3 | 1 News Calendar Extension | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6690 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | |||||
| CVE-2009-3630 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. | |||||
| CVE-2009-4400 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4395 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2344 | 1 Typo3 | 1 Air Filemanager | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4162 | 2 Mauro Lorenzutti, Typo3 | 2 Wfqbe, Typo3 | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6338 | 2 Typo3, Weber-ebusiness | 2 Typo3, Wes Facilities | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3047 | 1 Typo3 | 1 Kb Unpack Extension | 2025-04-09 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
| CVE-2008-6343 | 1 Typo3 | 2 Tu-clausthal Odin, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2489 | 1 Typo3 | 1 Sg Zfelib | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input." | |||||
| CVE-2009-0815 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 5.0 MEDIUM | N/A |
| The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. | |||||
| CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | |||||