Page 6 of 51 results (0.004 seconds)

CVSS: 4.0EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-5101

https://notcve.org/view.php?id=CVE-2010-5101

Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." Vulnerabilidad de salto de directorio en la configuración de TypoScript en TYPO3 v4.2.x y anteriores a v4.2.16, v4.3.x y anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5. permite a administradores remotos autenticados leer ficheros arbitrarios a través de vectores no especificados y relacionados con la "funcionalidad de inclusión de fichero". • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70119 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-5104

https://notcve.org/view.php?id=CVE-2010-5104

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. El método escapeStrForLike de TYPO3 4.2.x anteriores a 4.2.16, 4.3.x anteriores a 4.3.9, y 4.4.x anteriores a 4.4.5 no codifican los caracteres no permitidos ("escape") apropiadamente de la entrada cuando la base de datos MySQL se encuentra en modo sql_mode NO_BACKSLASH_ESCAPES, lo que permite a atacantes remotos obtener información confidencial a través de caracteres comodín en una petición LIKE. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70116 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 32EXPL: 0

CVE-2010-5098

https://notcve.org/view.php?id=CVE-2010-5098

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el objeto de contenido FORM de TYPO3 4.2.x before 4.2.16, 4.3.x anteriores a 4.3.9, y 4.4.x anteriores a 4.4.5. Permite a atacantes remotos inyectar codigo de script web o código HTML de vectores sin especificar. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org/70122 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 32EXPL: 0

CVE-2010-5100

https://notcve.org/view.php?id=CVE-2010-5100

Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Install Tool en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/35770 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.osvdb.org/70120 http://www.securityfocus.com/bid/45470 https://exchange.xforce.ibmcloud.com/vulnerabilities/64181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-5102

https://notcve.org/view.php?id=CVE-2010-5102

Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio enmod/tools/em/class.em_unzip.php en la librería unzip library en TYPO3 v4.2.x anteriores a v4.2.16, v4.3.x anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5, permite a atacantes remotos escribir ficheros a través de parámetros no especificados. • http://bugs.typo3.org/view.php?id=16362 http://secunia.com/advisories/35770 http://securesystems.ca/advisory.php?id=2010-001 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022 http://www.openwall.com/lists/oss-security/2011/01/13/2 http://www.openwall.com/lists/oss-security/2012/05/10/7 http://www.openwall.com/lists/oss-security/2012/05/11/3 http://www.openwall.com/lists/oss-security/2012/05/12/5 http://www.osvdb.org • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •