CVSS: 10.0EPSS: 3%CPEs: 24EXPL: 0CVE-2009-0258
https://notcve.org/view.php?id=CVE-2009-0258
22 Jan 2009 — The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. Vulnerabilidad no especificada en la extensión del sistema de la Indexed Search Engine (indexed_search) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3 permite a atacantes remotos ejecutar comandos... • http://secunia.com/advisories/33617 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 1CVE-2009-0255 – TYPO3 Sa-2009-001 Weak Encryption Key File Disclosure
https://notcve.org/view.php?id=CVE-2009-0255
22 Jan 2009 — The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. La herramienta de instalación de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptación con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes. • https://packetstorm.news/files/id/180895 • CWE-330: Use of Insufficiently Random Values •