CVE-2010-2131
https://notcve.org/view.php?id=CVE-2010-2131
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. Vulnerabilidad de inyección SQL en la extensión Calendar Base (cal) anterior a v1.3.2 para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elección a través de datos iCalendar. • http://osvdb.org/62668 http://secunia.com/advisories/38745 http://typo3.org/extensions/repository/view/cal/1.3.2 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005 http://www.securityfocus.com/bid/38493 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-1021
https://notcve.org/view.php?id=CVE-2010-1021
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la extensión Typo3 Quixplorer (t3quixplorer) anteriores a v1.7.1 para TYPO3 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores sin especificar. • http://osvdb.org/63036 http://secunia.com/advisories/38993 http://typo3.org/extensions/repository/view/t3quixplorer/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006 http://www.securityfocus.com/bid/38818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3631
https://notcve.org/view.php?id=CVE-2009-3631
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2, cuando la extensión DAM o la subida por ftp está activada, permite a usuarios autenticados remotos ejecutar comandos de su elección a través metacaracteres de shell en un nombre de fichero. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3635
https://notcve.org/view.php?id=CVE-2009-3635
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. El subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios remotos obtener acceso usando únicamente el hash md5 como credencial. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 • CWE-287: Improper Authentication •
CVE-2009-3630
https://notcve.org/view.php?id=CVE-2009-3630
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios autenticados remotos situar sitios web de su elección en los "framesets" (conjuntos de marcos) de backend a través de parámetros modificados, relacionado con un asunto de "frame hijacking" (secuestro de marco). • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53920 •