Vulnerabilities (CVE)

Filtered by vendor Typo3 Subscribe
Filtered by product Typo3
Total 417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4165 2 Simple Glossar, Typo3 2 Simple Glossar, Typo3 2009-12-03 7.5 HIGH N/A
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2009-12-03 7.5 HIGH N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3818 2 Stanislas Rolland, Typo3 2 Sr Freecap, Typo3 2009-10-28 10.0 HIGH N/A
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2008-6685 2 Thomas Waggershauser, Typo3 2 Air Filemanager, Typo3 2009-08-19 7.5 HIGH N/A
Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2008-6463 2 Fr.simon Rundell, Typo3 2 Pd Churchsearch, Typo3 2009-08-19 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2106 2 Projektseminar Proservice Wwu, Typo3 2 Virtual Civil Services, Typo3 2009-07-02 7.5 HIGH N/A
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2104 2 Typo3, Udo Von Eynern 2 Typo3, Modern Guest Book Commenting System 2009-07-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2103 2 Steve Grundell, Typo3 2 Frontend Mp3 Player, Typo3 2009-06-23 7.5 HIGH N/A
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-1264 2 Stanislas Rolland, Typo3 2 Sr Feuser Register, Typo3 2009-04-08 4.0 MEDIUM N/A
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.
CVE-2008-6342 2 Lobacher Patrick, Typo3 2 Simplefilebrowser, Typo3 2009-03-02 5.0 MEDIUM N/A
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2008-6341 1 Typo3 2 Sb Universal Plugin, Typo3 2009-03-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6340 2 Mathieu Vidal, Typo3 2 Mv Vox Populi, Typo3 2009-03-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2009-03-02 7.5 HIGH N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6343 1 Typo3 2 Tu-clausthal Odin, Typo3 2009-03-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6344 1 Typo3 2 Tu-clausthal Staff, Typo3 2009-03-02 7.5 HIGH N/A
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6346 2 Dennis Royer, Typo3 2 Dr Wiki, Typo3 2009-03-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5087 1 Typo3 2 Another Backend Login, Typo3 2008-11-17 7.5 HIGH N/A
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.