CVSS: 4.0 • EPSS: 0% • CPEs: 12 • EXPL: 0

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.

• http://osvdb.org/53278
• http://secunia.com/advisories/34586
• http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21
• http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004
• http://www.securityfocus.com/bid/34374
• http://www.vupen.com/english/advisories/2009/0938
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors.

• http://osvdb.org/45050
• http://secunia.com/advisories/30217
• http://typo3.org/teams/security/security-bulletins/typo3-20080513-1
• http://www.securityfocus.com/bid/29182
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42364
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

• http://osvdb.org/48273
• http://typo3.org/teams/security/security-bulletins/typo3-20080919-1
• http://www.securityfocus.com/bid/31258
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45256
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

• http://osvdb.org/48274
• http://typo3.org/teams/security/security-bulletins/typo3-20080919-1
• http://www.securityfocus.com/bid/31259
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45257
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

• http://osvdb.org/48278
• http://typo3.org/teams/security/security-bulletins/typo3-20080919-1
• http://www.securityfocus.com/bid/31257
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45262
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')