CVSS: 5.4EPSS: 0%CPEs: 26EXPL: 0CVE-2010-3715
https://notcve.org/view.php?id=CVE-2010-3715
25 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y... • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2010-3716
https://notcve.org/view.php?id=CVE-2010-3716
25 Oct 2010 — The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. La tarea be_user_creation en TYPO3 v4.2.x anteriores a v4.2.15 y v4.3.x anteriores a v4.3.7 permite a usuarios remotos autenticados a obtener privilegios a través de peticiones POST manipuladas que crean una cuenta de usuario como miembro de un grupo arbitrario. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2010-3717
https://notcve.org/view.php?id=CVE-2010-3717
25 Oct 2010 — The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. La función t3lib_div::validEmail en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4 no restringe de fo... • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2010-4068
https://notcve.org/view.php?id=CVE-2010-4068
25 Oct 2010 — Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. Vulnerabilidad no especificada en Extension Manager en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4 permite a administradores remotos autenticados leer y posiblemente modificar ficher... • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4855 – TYPO3 CMS 4.0 - 'showUid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4855
10 May 2010 — SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core. ** DISPUTADA ** Vulnerabilidad de inyección SQL en index.php en TYPO3 4.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro showUid. NOTA: El equ... • https://www.exploit-db.com/exploits/9380 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1153
https://notcve.org/view.php?id=CVE-2010-1153
20 Apr 2010 — PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. Vulnerabilidad de inclusión remota de archivo PHP en el autoloader en TYPO3 v4.3.x anterior a 4.3.3, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el campo input asociado con la variables className. • http://marc.info/?l=oss-security&m=127092306209177&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0286
https://notcve.org/view.php?id=CVE-2010-0286
21 Feb 2010 — Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. Vulnerabilidad no especificada en la extensión OpenID Identity Authentication para TYPO3 v4.3.0 permite a atacantes remotos saltarse la autenticación y ganar acceso a una cuenta de usuario de la ... • http://osvdb.org/61680 •
CVSS: 4.0EPSS: 0%CPEs: 59EXPL: 0CVE-2009-3628
https://notcve.org/view.php?id=CVE-2009-3628
02 Nov 2009 — The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a atacantes remotos autenticados determinar la clave de encriptación a través de una entrada modificada al elemento de formu... • http://marc.info/?l=oss-security&m=125632856206736&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3629
https://notcve.org/view.php?id=CVE-2009-3629
02 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permiten a ... • http://marc.info/?l=oss-security&m=125632856206736&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 59EXPL: 0CVE-2009-3630
https://notcve.org/view.php?id=CVE-2009-3630
02 Nov 2009 — The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios autenticados remotos situar sitios web de su elección en los "framesets" (... • http://marc.info/?l=oss-security&m=125632856206736&w=2 •