CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3632
https://notcve.org/view.php?id=CVE-2009-3632
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la funcionalidad de edición del "frontend" (portal de usuario) tradicional del subcomponente "Frontend Editing" (edición del portal de usuario) de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos ejecutar comandos SQL de su elección a través parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2009-3633
https://notcve.org/view.php?id=CVE-2009-3633
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función de API t3lib_div::quoteJSvalue en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque sin especificar relacionados con el algoritmo de sanitización. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53925 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 1%CPEs: 59EXPL: 0CVE-2009-3635
https://notcve.org/view.php?id=CVE-2009-3635
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. El subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios remotos obtener acceso usando únicamente el hash md5 como credencial. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2009-3636
https://notcve.org/view.php?id=CVE-2009-3636
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2009-2103
https://notcve.org/view.php?id=CVE-2009-2103
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Frontend MP3 Player (fe_mp3player) v0.2.3 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://osvdb.org/55123 http://secunia.com/advisories/35484 http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008 http://www.securityfocus.com/bid/35394 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •