CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2010-5102
https://notcve.org/view.php?id=CVE-2010-5102
21 May 2012 — Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio enmod/tools/em/class.em_unzip.php en la librería unzip library en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos escribir ficheros a través de parámetros no especi... • http://bugs.typo3.org/view.php?id=16362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2010-5103
https://notcve.org/view.php?id=CVE-2010-5103
21 May 2012 — SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en el módulo de la lista en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9 y v4.4.x antes de v4.4.5 permite ejecutar comandos SQL a usuarios remotos autenticados con determinados permisos a través de vectores no especificados. • http://secunia.com/advisories/35770 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2010-5104
https://notcve.org/view.php?id=CVE-2010-5104
21 May 2012 — The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. El método escapeStrForLike de TYPO3 4.2.x anteriores a 4.2.16, 4.3.x anteriores a 4.3.9, y 4.4.x anteriores a 4.4.5 no codifican los caracteres no permitidos ("escape") apropiadamente de la entrada cuando la base... • http://secunia.com/advisories/35770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3629
https://notcve.org/view.php?id=CVE-2009-3629
02 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permiten a ... • http://marc.info/?l=oss-security&m=125632856206736&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3632
https://notcve.org/view.php?id=CVE-2009-3632
02 Nov 2009 — SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la funcionalidad de edición del "frontend" (portal de usuario) tradicional del subcomponente "Frontend Editing" (edición del portal de usuario) de TYPO3 v4.0.13 y anteriores, ... • http://marc.info/?l=oss-security&m=125632856206736&w=2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •