
CVSS: 4.3 | EPSS: 0% | CPEs: 67 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-004
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74461
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 35 | EXPL: 0

The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.
• http://forge.typo3.org/projects/extension-sr_feuser_register/repository/entry/trunk/ChangeLog
• http://forge.typo3.org/projects/extension-sr_feuser_register/repository/revisions/58720
• http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-002
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80145
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://forge.typo3.org/issues/35532
• http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006
• http://www.securityfocus.com/bid/52772
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74483
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 1% | CPEs: 10 | EXPL: 0

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
• http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001
• http://www.openwall.com/lists/oss-security/2012/03/30/4
• http://www.osvdb.org/80759
• http://www.securityfocus.com/bid/52771

CVSS: 4.6 | EPSS: 0% | CPEs: 5 | EXPL: 0

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
• http://osvdb.org/84773
• http://secunia.com/advisories/50287
• http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004
• http://www.debian.org/security/2012/dsa-2537
• http://www.openwall.com/lists/oss-security/2012/08/22/8
• https://exchange.xforce.ibmcloud.com/vulnerabilities/77791
• CWE-502: Deserialization of Untrusted Data