Page 9 of 54 results (0.018 seconds)

CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." Vulnerabilidad de inyección SQL en Extbase Framework en TYPO3 v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados, en relación con "el Query Object Model y los valores de relación". • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://osvdb.org/90925 http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.securityfocus.com/bid/58330 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.4EPSS: 0%CPEs: 54EXPL: 0

Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el mecanismo de Access tracking en TYPO3 en v4.5.x anterior a v4.5.24, v4.6.x anterior a v4.6.17, v4.7.x anterior a v4.7.9, y v6.0.x anterior a v6.0.3, permite a atacantes remotos redireccionar a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html http://secunia.com/advisories/52433 http://secunia.com/advisories/52638 http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core http://www.debian.org/security/2013/dsa-2646 http://www.openwall.com/lists/oss-security/2013/03/12/3 http://www.osvdb.org/90924 http://www.securityfocus.com/bid/58330 • CWE-399: Resource Management Errors •

CVSS: 3.5EPSS: 0%CPEs: 38EXPL: 0

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. El módulo de configuración en el backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados obtener la clave de cifrado a través de vectores no especificados. • http://osvdb.org/84775 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77793 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 38EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.5.x anterior a v4.5.19, v4.6.x before v4.6.12 y v4.7.x anterior a v4.7.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://osvdb.org/84771 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77792 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)." view_help.php en el sistema de ayuda backend de TYPO3 v4.5.x anterior a v4.5.19, v4.6.x anterior a v4.6.12 y v4.7.x anterior a v4.7.4 permite a usuarios remotos autenticados tomar una variable de objetos arbitrarios y posiblemente ejecutar código PHP arbitrario a través de un parámetro no especifico, en relación con una "missing signature (HMAC)." • http://osvdb.org/84773 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004 http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77791 • CWE-502: Deserialization of Untrusted Data •