ReportizFlow
Filtered by vendor Typo3
Subscriptions
Filtered by product Typo3
Subscriptions
Total
477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0322 | 2 Matthias Karr, Typo3 | 2 Mk Anydropdownmenu, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-0323 | 2 Arco Van Geest, Typo3 | 2 Goof Fotoboek, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2010-0324 | 2 Patrick Bauerochse, Typo3 | 2 Ref List, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-0326 | 3 Francois Suter, Rene Fritz, Typo3 | 3 Devlog, Devlog, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-4167 | 2 Lukas Taferner, Typo3 | 2 It Basetag, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | ||||
| CVE-2009-3634 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2008-5096 | 1 Typo3 | 2 File List Extension, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2007-1081 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | ||||
| CVE-2010-0325 | 2 Sebastian Baumann, Typo3 | 2 Sb Folderdownload, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2008-6695 | 2 Frank Naegler, Typo3 | 2 Timtab Sociable, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2008-6692 | 2 Fr.simon Rundell, Typo3 | 2 Pd Trainingcourses, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2010-0328 | 2 Rastislav Birka, Typo3 | 2 Cs2 Unitconv, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-6688 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2010-0329 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript." | ||||
| CVE-2008-6341 | 1 Typo3 | 2 Sb Universal Plugin, Typo3 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-3635 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. | ||||
| CVE-2009-0255 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2025-04-09 | 7.5 High |
| The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | ||||
| CVE-2009-0257 | 1 Typo3 | 1 Typo3 | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | ||||
| CVE-2010-0330 | 2 Julian Fries, Typo3 | 2 Jf Easymaps, Typo3 | 2025-04-09 | N/A |
| SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6685 | 2 Thomas Waggershauser, Typo3 | 2 Air Filemanager, Typo3 | 2025-04-09 | N/A |
| Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | ||||