TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.
Max CVSS
5.0
EPSS Score
0.67%
Published
2006-01-21
Updated
2018-10-19
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
Max CVSS
5.0
EPSS Score
0.33%
Published
2008-07-07
Updated
2017-08-08
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.14%
Published
2008-07-07
Updated
2017-08-08
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.20%
Published
2008-07-07
Updated
2017-08-08
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.31%
Published
2008-11-14
Updated
2017-08-08

CVE-2009-0815

Public exploit
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Max CVSS
5.0
EPSS Score
18.39%
Published
2009-03-05
Updated
2010-04-27
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
Max CVSS
5.5
EPSS Score
0.15%
Published
2009-11-02
Updated
2017-08-17
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
Max CVSS
5.0
EPSS Score
0.18%
Published
2010-03-15
Updated
2010-03-16
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication.
Max CVSS
5.1
EPSS Score
1.12%
Published
2010-02-22
Updated
2017-08-17
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.18%
Published
2010-01-15
Updated
2011-04-29
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
Max CVSS
5.4
EPSS Score
0.13%
Published
2017-10-20
Updated
2017-11-07
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-01
Updated
2019-11-05
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-04
Updated
2019-11-05
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
Max CVSS
5.3
EPSS Score
0.11%
Published
2019-11-04
Updated
2019-11-05
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
Max CVSS
5.3
EPSS Score
0.11%
Published
2019-11-04
Updated
2019-11-05
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-04
Updated
2019-11-07
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
Max CVSS
5.8
EPSS Score
0.11%
Published
2019-11-05
Updated
2019-11-08
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
Max CVSS
5.3
EPSS Score
0.11%
Published
2019-11-05
Updated
2019-11-07
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.
Max CVSS
5.0
EPSS Score
0.23%
Published
2010-10-25
Updated
2010-10-27
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.84%
Published
2012-05-21
Updated
2017-08-29
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-06
Updated
2019-11-08
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-06
Updated
2019-11-08
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-06
Updated
2019-11-08
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-11-06
Updated
2019-11-08
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
Max CVSS
5.0
EPSS Score
0.36%
Published
2012-02-14
Updated
2017-08-29
55 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!