
CVE-2010-5104
https://notcve.org/view.php?id=CVE-2010-5104
21 May 2012 — The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. • http://secunia.com/advisories/35770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2010-5101
https://notcve.org/view.php?id=CVE-2010-5101
21 May 2012 — Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." • http://secunia.com/advisories/35770 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2010-5100
https://notcve.org/view.php?id=CVE-2010-5100
21 May 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/35770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-5098
https://notcve.org/view.php?id=CVE-2010-5098
21 May 2012 — Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/35770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4068
https://notcve.org/view.php?id=CVE-2010-4068
25 Oct 2010 — Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-20: Improper Input Validation

CVE-2010-3717 – Debian Linux Security Advisory 2121-1
https://notcve.org/view.php?id=CVE-2010-3717
19 Oct 2010 — The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2010-3715 – Debian Linux Security Advisory 2121-1
https://notcve.org/view.php?id=CVE-2010-3715
19 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-3716 – Debian Linux Security Advisory 2121-1
https://notcve.org/view.php?id=CVE-2010-3716
19 Oct 2010 — The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. Several remote vulnerabilitie... • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-20: Improper Input Validation

CVE-2010-3714 – TYPO3 - Arbitrary File Retrieval
https://notcve.org/view.php?id=CVE-2010-3714
19 Oct 2010 — The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. • https://packetstorm.news/files/id/180856 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2010-1153
https://notcve.org/view.php?id=CVE-2010-1153
20 Apr 2010 — PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. • http://marc.info/?l=oss-security&m=127092306209177&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection')