Filtered by vendor Typo3
Subscribe
Total
477 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3818 | 2 Stanislas Rolland, Typo3 | 2 Sr Freecap, Typo3 | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | |||||
CVE-2008-6689 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2008-6690 | 1 Typo3 | 2 Nd Antispam, Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors. | |||||
CVE-2008-5801 | 1 Typo3 | 1 Dictionary Extension | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2008-6686 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2008-2525 | 1 Typo3 | 1 Rlmp Eventdb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-1264 | 2 Stanislas Rolland, Typo3 | 2 Sr Feuser Register, Typo3 | 2024-02-04 | 4.0 MEDIUM | N/A |
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | |||||
CVE-2008-3049 | 1 Typo3 | 1 Pdf Generator 2 Extension | 2024-02-04 | 5.0 MEDIUM | N/A |
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2008-2275 | 1 Typo3 | 1 Sr Feuser Register Extension | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | |||||
CVE-2008-5087 | 1 Typo3 | 2 Another Backend Login, Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-4658 | 1 Typo3 | 2 Jobcontrol, Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2007-6381 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-5069 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | |||||
CVE-2006-6690 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | |||||
CVE-2006-0327 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | N/A |
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | |||||
CVE-2005-4875 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. |