CVE-2008-5087
https://notcve.org/view.php?id=CVE-2008-5087
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión TYPO3 Another Backend Login (wrg_anotherbelogin) versiones anteriores a v0.0.4 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-20080919-1 http://www.securityfocus.com/bid/31266 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-4658
https://notcve.org/view.php?id=CVE-2008-4658
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión JobControl (dmmjobcontrol) v1.15.4 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://secunia.com/advisories/32342 http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5 http://typo3.org/teams/security/security-bulletins/typo3-20081020-1 http://www.securityfocus.com/bid/31840 http://www.vupen.com/english/advisories/2008/2870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-4657
https://notcve.org/view.php?id=CVE-2008-4657
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Plugin Econda (econda) v0.0.2 y anteriores para TYPO3; permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://typo3.org/extensions/repository/view/econda/0.0.4 http://typo3.org/teams/security/security-bulletins/typo3-20081020-1 http://www.securityfocus.com/bid/31841 http://www.vupen.com/english/advisories/2008/2870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-4659
https://notcve.org/view.php?id=CVE-2008-4659
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de Inyección SQL en la extensión Mannschaftsliste (kiddog_playerlist) v1.0.3 y anteriores para TYPO3, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-20081020-1 http://www.securityfocus.com/bid/31844 http://www.vupen.com/english/advisories/2008/2870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-4661
https://notcve.org/view.php?id=CVE-2008-4661
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la extensión Page Improvements (sm_pageimprovements) v1.1.0 y anteriores para TYPO3; permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://typo3.org/extensions/repository/view/sm_pageimprovements/0.3.0/info/ChangeLog http://typo3.org/teams/security/security-bulletins/typo3-20081020-1 http://www.vupen.com/english/advisories/2008/2870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •