Page 22 of 153 results (0.016 seconds)

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Install Tool en TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/78888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 3%CPEs: 30EXPL: 3

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. La funcionalidad fileDenyPattern en la API de protección de inclusión de archivos en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9, y 4.4.x antes v4.4.5, no filtra correctamente los tipos de archivos, lo que permite a atacantes remotos evitar restricciones de acceso y acceder a archivos arbitrarios de PHP, como se ha demostrado utilizando secuencias de rutas transversales con bytes nulos 00% y CVE-2010-3714 para leer la clave de cifrado TYPO3 de localconf.php. • https://www.exploit-db.com/exploits/15856 http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.exploit-db.com/exploits/15856 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www&# • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 32EXPL: 0

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el objeto de contenido FORM de TYPO3 4.2.x before 4.2.16, 4.3.x anteriores a 4.3.9, y 4.4.x anteriores a 4.4.5. Permite a atacantes remotos inyectar codigo de script web o código HTML de vectores sin especificar. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70122 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 32EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Install Tool en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.osvdb.org/70120 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/64181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 29EXPL: 0

SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en el módulo de la lista en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9 y v4.4.x antes de v4.4.5 permite ejecutar comandos SQL a usuarios remotos autenticados con determinados permisos a través de vectores no especificados. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70117 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •