Page 8 of 54 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. Vulnerabilidad no especificada en la expresión Simple download-system con Counter y categorías (kk_downloader) v1.2.1 y anteriores para TYP03 permite a atacantes remotos obtener información sensible a través de ataques desconocidos a vectores. • http://secunia.com/advisories/37550 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017 http://www.securityfocus.com/bid/37168 •

CVSS: 8.5EPSS: 0%CPEs: 59EXPL: 0

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2, cuando la extensión DAM o la subida por ftp está activada, permite a usuarios autenticados remotos ejecutar comandos de su elección a través metacaracteres de shell en un nombre de fichero. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 1%CPEs: 59EXPL: 0

The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. El subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios remotos obtener acceso usando únicamente el hash md5 como credencial. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 • CWE-287: Improper Authentication •

CVSS: 5.5EPSS: 0%CPEs: 59EXPL: 0

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. El subcomponente Backend de TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2 permite a usuarios autenticados remotos situar sitios web de su elección en los "framesets" (conjuntos de marcos) de backend a través de parámetros modificados, relacionado con un asunto de "frame hijacking" (secuestro de marco). • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53920 •

CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0

Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el subcomponente "Install Tool" (herramienta de instalación) en TYPO3 v4.0.13 y anteriores, v4.1.x anteriores a v4.1.13, v4.2.x anteriores a v4.2.10 y v4.3.x anteriores a v4.3beta2. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de parámetros sin especificar. • http://marc.info/?l=oss-security&m=125632856206736&w=2 http://marc.info/?l=oss-security&m=125633199111438&w=2 http://secunia.com/advisories/37122 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 http://www.securityfocus.com/bid/36801 http://www.vupen.com/english/advisories/2009/3009 https://exchange.xforce.ibmcloud.com/vulnerabilities/53929 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •