CVE-2012-6144
https://notcve.org/view.php?id=CVE-2012-6144
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo BackEnd History en TYPO3 4.5.x anterior a 4.5.21, 4.6.x anterior a 4.6.14, y 4.7.x anterior a 4.7.6, permite a usuarios del backend autenticados remotamente inyectar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/87115 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005 http://www.openwall.com/lists/oss-security/2013/06/19/4 https://exchange.xforce.ibmcloud.com/vulnerabilities/79964 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-1842
https://notcve.org/view.php?id=CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." Vulnerabilidad de inyección SQL en Extbase Framework en TYPO3 v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados, en relación con "el Query Object Model y los valores de relación". • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://osvdb.org/90925 http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.securityfocus.com/bid/58330 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-1843
https://notcve.org/view.php?id=CVE-2013-1843
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.osvdb.org/90924 http://www.securityfocus.com/bid/58330 • CWE-399: Resource Management Errors •
CVE-2012-3529
https://notcve.org/view.php?id=CVE-2012-3529
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. El módulo de configuración en el backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados obtener la clave de cifrado a través de vectores no especificados. • http://osvdb.org/84775 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77793 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-3528
https://notcve.org/view.php?id=CVE-2012-3528
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.5.x anterior a v4.5.19, v4.6.x before v4.6.12 y v4.7.x anterior a v4.7.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://osvdb.org/84771 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77792 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •