CVE-2010-5100
https://notcve.org/view.php?id=CVE-2010-5100
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Install Tool en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.osvdb.org/70120 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/64181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-5103
https://notcve.org/view.php?id=CVE-2010-5103
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en el módulo de la lista en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9 y v4.4.x antes de v4.4.5 permite ejecutar comandos SQL a usuarios remotos autenticados con determinados permisos a través de vectores no especificados. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70117 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-5102
https://notcve.org/view.php?id=CVE-2010-5102
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio enmod/tools/em/class.em_unzip.php en la librería unzip library en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos escribir ficheros a través de parámetros no especificados. • http://bugs.typo3.org/view.php?id=16362 http://secunia.com/advisories/35770 http://securesystems.ca/advisory.php?id=2010-001 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-5097
https://notcve.org/view.php?id=CVE-2010-5097
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad "click enlarge" de TYPO3 4.3.x anteriores a 4.3.9 y 4.4.x anteriores a 4.4.5. Cuando la plataforma de caché está habilitada, permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70123 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-5101
https://notcve.org/view.php?id=CVE-2010-5101
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." Vulnerabilidad de salto de directorio en la configuración de TypoScript en TYPO3 v4.2.x y anteriores a v4.2.16, v4.3.x y anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5. permite a administradores remotos autenticados leer ficheros arbitrarios a través de vectores no especificados y relacionados con la "funcionalidad de inclusión de fichero". • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70119 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •