
CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.

• http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010
• http://www.securityfocus.com/bid/49516
• https://exchange.xforce.ibmcloud.com/vulnerabilities/69694

CVSS: 7.5 | EPSS: 0% | CPEs: 11 | EXPL: 0

Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.

• http://osvdb.org/71674
• http://secunia.com/advisories/44055
• http://typo3.org/extensions/repository/view/wec_discussion/2.1.1
• http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003
• http://www.securityfocus.com/bid/47257
• http://www.vupen.com/english/advisories/2011/0896
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66619
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.9 | EPSS: 0% | CPEs: 26 | EXPL: 0

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.

• http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
• http://www.debian.org/security/2010/dsa-2121
• http://www.securityfocus.com/bid/43786
• CWE-20: Improper Input Validation

CVSS: 7.1 | EPSS: 8% | CPEs: 26 | EXPL: 2

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

• https://www.exploit-db.com/exploits/15856
• http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
• http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
• http://www.debian.org/security/2010/dsa-2121
• http://www.exploit-db.com/exploits/15856
• http://www.securityfocus.com/bid/43786
• http://gregorkopf.de/slides_berlinsides_2010.pdf
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.0 | EPSS: 0% | CPEs: 22 | EXPL: 0

The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships.

• http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
• http://www.debian.org/security/2010/dsa-2121
• http://www.securityfocus.com/bid/43786
• CWE-20: Improper Input Validation