Page 7 of 38 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0

CVE-2009-3633

https://notcve.org/view.php?id=CVE-2009-3633

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función de API t3lib_div::quoteJSvalue en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque sin especificar relacionados con el algoritmo de sanitización. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53925 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 1%CPEs: 59EXPL: 0

CVE-2009-3635

https://notcve.org/view.php?id=CVE-2009-3635

The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. El subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios remotos obtener acceso usando únicamente el hash md5 como credencial. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0

CVE-2009-3636

https://notcve.org/view.php?id=CVE-2009-3636

Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2008-6462

https://notcve.org/view.php?id=CVE-2008-6462

SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección de SQL en la extensión My quiz and poll (myquizpoll) para TYPO3 antes de la versión 0.1.4 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/48278 http://typo3.org/teams/security/security-bulletins/typo3-20080919-1 http://www.securityfocus.com/bid/31257 https://exchange.xforce.ibmcloud.com/vulnerabilities/45262 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2008-4656

https://notcve.org/view.php?id=CVE-2008-4656

SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Frontend Users View (feusersview) v.0.1.6 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-20081020-1 http://www.securityfocus.com/bid/31843 http://www.vupen.com/english/advisories/2008/2870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •