CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4683
https://notcve.org/view.php?id=CVE-2013-4683
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión meta_feedit v0.1.10 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://osvdb.org/93806 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007 https://exchange.xforce.ibmcloud.com/vulnerabilities/84661 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 97EXPL: 0CVE-2013-4682
https://notcve.org/view.php?id=CVE-2013-4682
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Multishop v2.0.39 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/53441 http://typo3.org/extensions/repository/view/multishop http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1 http://www.securityfocus.com/bid/60271 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4634
https://notcve.org/view.php?id=CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el autocompletado de jQuery para la extensión indexed_search (rzautocomplete) antes de v0.0.9 de TYPO3 que permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/93815 http://secunia.com/advisories/53633 http://typo3.org/extensions/repository/view/rzautocomplete http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007 http://www.securityfocus.com/bid/60276 https://exchange.xforce.ibmcloud.com/vulnerabilities/84659 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2013-1842
https://notcve.org/view.php?id=CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." Vulnerabilidad de inyección SQL en Extbase Framework en TYPO3 v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados, en relación con "el Query Object Model y los valores de relación". • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://osvdb.org/90925 http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.securityfocus.com/bid/58330 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 54EXPL: 0CVE-2013-1843
https://notcve.org/view.php?id=CVE-2013-1843
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.osvdb.org/90924 http://www.securityfocus.com/bid/58330 • CWE-399: Resource Management Errors •