CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5797
https://notcve.org/view.php?id=CVE-2008-5797
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión advCalendar v0.3.1 y anteriores en TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-20081110-2 http://www.securityfocus.com/bid/32230 https://exchange.xforce.ibmcloud.com/vulnerabilities/46469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5656
https://notcve.org/view.php?id=CVE-2008-5656
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en la extensión de interfaz externo (frontend plugin) para la extensión de sistemas Felogin en TYPO3 4.2.0, 4.2.1 y 4.2.2, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-20081113-2 http://www.securityfocus.com/bid/32284 https://exchange.xforce.ibmcloud.com/vulnerabilities/46591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5644
https://notcve.org/view.php?id=CVE-2008-5644
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo file backend en TYPO3 v4.2.2 permitiría a atacantes remotos inyectar comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/32689 http://typo3.org/teams/security/security-bulletins/typo3-20081113-1 http://www.securityfocus.com/bid/32284 http://www.vupen.com/english/advisories/2008/3144 https://exchange.xforce.ibmcloud.com/vulnerabilities/46585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2008-5609
https://notcve.org/view.php?id=CVE-2008-5609
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Commerce extensión 0.9.6 y versiones anteriores para TYPO3, permite a los atacante remotos ejecutar arbitrariamente comandos SQL a través de vectores no especificados. • http://typo3.org/extensions/repository/view/commerce/0.9.7 http://typo3.org/teams/security/security-bulletins/typo3-20081020-2 http://www.vupen.com/english/advisories/2008/2870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-5096
https://notcve.org/view.php?id=CVE-2008-5096
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. Vulnerabilidad no especificada en la extensión TYPO3 File List (file_list) v0.2.1 y versiones anteriores permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos. • http://typo3.org/teams/security/security-bulletins/typo3-20080919-1 http://www.securityfocus.com/bid/31262 https://exchange.xforce.ibmcloud.com/vulnerabilities/45258 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •