Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

typo3 typo3 4.3.7 vulnerabilities and exploits

(subscribe to this query)
2.6
CVSSv2
CVE-2010-5097
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x prior to 4.3.9 and 4.4.x prior to 4.4.5 when the caching framework is enabled, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Typo3 Typo3 4.3.0Typo3 Typo3 4.3.7Typo3 Typo3 4.3.8Typo3 Typo3 4.3.6Typo3 Typo3 4.3.4Typo3 Typo3 4.4Typo3 Typo3 4.4.1Typo3 Typo3 4.3.2Typo3 Typo3 4.3.1Typo3 Typo3 4.3.5Typo3 Typo3 4.3.3Typo3 Typo3 4.4.2Typo3 Typo3 4.4.3Typo3 Typo3 4.4.4
4
CVSSv2
CVE-2010-5101
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality.&q...
Typo3 Typo3 4.2.8Typo3 Typo3 4.2.9Typo3 Typo3 4.2.0Typo3 Typo3 4.2.10Typo3 Typo3 4.2.2Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5Typo3 Typo3 4.4.1Typo3 Typo3 4.2.3Typo3 Typo3 4.2.14Typo3 Typo3 4.2.6Typo3 Typo3 4.3.7Typo3 Typo3 4.3.8Typo3 Typo3 4.3.1Typo3 Typo3 4.4.4Typo3 Typo3 4.2.15Typo3 Typo3 4.2.7Typo3 Typo3 4.2.11Typo3 Typo3 4.2.12Typo3 Typo3 4.3.6Typo3 Typo3 4.3.0Typo3 Typo3 4.4.2
5
CVSSv2
CVE-2010-5102
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allows remote malicious users to write arbitrary files via unspecified vectors.
Typo3 Typo3 4.2.6Typo3 Typo3 4.2.14Typo3 Typo3 4.2.1Typo3 Typo3 4.3.7Typo3 Typo3 4.3.2Typo3 Typo3 4.3.1Typo3 Typo3 4.2.7Typo3 Typo3 4.2.8Typo3 Typo3 4.2.0Typo3 Typo3 4.2.10Typo3 Typo3 4.3.0Typo3 Typo3 4.3.4Typo3 Typo3 4.4.3Typo3 Typo3 4.4.1Typo3 Typo3 4.2.9Typo3 Typo3 4.2.5Typo3 Typo3 4.2.13Typo3 Typo3 4.2.2Typo3 Typo3 4.2.4Typo3 Typo3 4.3.5Typo3 Typo3 4.3.3Typo3 Typo3 4.2.3
6
CVSSv2
CVE-2010-5103
SQL injection vulnerability in the list module in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
Typo3 Typo3 4.2.5Typo3 Typo3 4.2.14Typo3 Typo3 4.2.1Typo3 Typo3 4.2.4Typo3 Typo3 4.3.3Typo3 Typo3 4.3.2Typo3 Typo3 4.3.1Typo3 Typo3 4.2.3Typo3 Typo3 4.2.15Typo3 Typo3 4.2.6Typo3 Typo3 4.2.11Typo3 Typo3 4.3.7Typo3 Typo3 4.3.8Typo3 Typo3 4.4.4Typo3 Typo3 4.4.2Typo3 Typo3 4.2.9Typo3 Typo3 4.2.13Typo3 Typo3 4.2.10Typo3 Typo3 4.2.2Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5Typo3 Typo3 4.2.7
4.3
CVSSv2
CVE-2010-5104
The escapeStrForLike method in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote malicious users to obtain sensitive information via wildc...
Typo3 Typo3 4.2.15Typo3 Typo3 4.2.7Typo3 Typo3 4.2.11Typo3 Typo3 4.2.12Typo3 Typo3 4.3.6Typo3 Typo3 4.3.0Typo3 Typo3 4.4.2Typo3 Typo3 4.4.3Typo3 Typo3 4.2.8Typo3 Typo3 4.2.9Typo3 Typo3 4.2.0Typo3 Typo3 4.2.10Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5Typo3 Typo3 4.4.1Typo3 Typo3 4.2.3Typo3 Typo3 4.2.14Typo3 Typo3 4.2.6Typo3 Typo3 4.2.4Typo3 Typo3 4.3.7Typo3 Typo3 4.3.8Typo3 Typo3 4.3.1
6.8
CVSSv2
CVE-2010-5099
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 does not properly filter file types, which allows remote malicious users to bypass intended access restrictions and access arb...
Typo3 Typo3 4.2.0Typo3 Typo3 4.2.7Typo3 Typo3 4.2.8Typo3 Typo3 4.2.15Typo3 Typo3 4.2.3Typo3 Typo3 4.2.4Typo3 Typo3 4.2.11Typo3 Typo3 4.2.12Typo3 Typo3 4.2.5Typo3 Typo3 4.2.6Typo3 Typo3 4.2.13Typo3 Typo3 4.2.14Typo3 Typo3 4.2.1Typo3 Typo3 4.2.2Typo3 Typo3 4.2.9Typo3 Typo3 4.2.10Typo3 Typo3 4.3.7Typo3 Typo3 4.3.8Typo3 Typo3 4.3.2Typo3 Typo3 4.3.3Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5
3.5
CVSSv2
CVE-2010-5098
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Typo3 Typo3 4.2.3Typo3 Typo3 4.2.4Typo3 Typo3 4.2.12Typo3 Typo3 4.2.13Typo3 Typo3 4.3.3Typo3 Typo3 4.3.4Typo3 Typo3 4.4.2Typo3 Typo3 4.4.3Typo3 Typo3 4.4.1Typo3 Typo3 4.2Typo3 Typo3 4.2.2Typo3 Typo3 4.2.10Typo3 Typo3 4.2.11Typo3 Typo3 4.3.1Typo3 Typo3 4.3.2Typo3 Typo3 4.4.4Typo3 Typo3 4.4Typo3 Typo3 4.2.5Typo3 Typo3 4.2.6Typo3 Typo3 4.2.7Typo3 Typo3 4.2.14Typo3 Typo3 4.2.15
3.5
CVSSv2
CVE-2010-5100
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Typo3 Typo3 4.2.13Typo3 Typo3 4.2.5Typo3 Typo3 4.2.10Typo3 Typo3 4.2.2Typo3 Typo3 4.3.3Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5Typo3 Typo3 4.4.3Typo3 Typo3 4.4.1Typo3 Typo3 4.2.8Typo3 Typo3 4.2.9Typo3 Typo3 4.2.12Typo3 Typo3 4.2.0Typo3 Typo3 4.3.1Typo3 Typo3 4.3.2Typo3 Typo3 4.4Typo3 Typo3 4.4.2Typo3 Typo3 4.2.3Typo3 Typo3 4.2.6Typo3 Typo3 4.2Typo3 Typo3 4.2.1Typo3 Typo3 4.2.4
4.9
CVSSv2
CVE-2010-4068
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x prior to 4.2.15, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-201...
Typo3 Typo3 4.2.13Typo3 Typo3 4.2.14Typo3 Typo3 4.3.0Typo3 Typo3 4.3.1Typo3 Typo3 4.2.3Typo3 Typo3 4.2.6Typo3 Typo3 4.2.4Typo3 Typo3 4.2.11Typo3 Typo3 4.3.3Typo3 Typo3 4.3.5Typo3 Typo3 4.4.3Typo3 Typo3 4.2.8Typo3 Typo3 4.2.9Typo3 Typo3 4.2.0Typo3 Typo3 4.2.2Typo3 Typo3 4.3.6Typo3 Typo3 4.4Typo3 Typo3 4.4.1Typo3 Typo3 4.4.2Typo3 Typo3 4.2.5Typo3 Typo3 4.2.7Typo3 Typo3 4.2.1
7.1
CVSSv2
CVE-2010-3714
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x prior to 4.2.15, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote malicious users to read a...
Typo3 Typo3 4.2.3Typo3 Typo3 4.2.2Typo3 Typo3 4.2.1Typo3 Typo3 4.3.0Typo3 Typo3 4.3.1Typo3 Typo3 4.4.2Typo3 Typo3 4.4.3Typo3 Typo3 4.2.9Typo3 Typo3 4.2.0Typo3 Typo3 4.2.13Typo3 Typo3 4.2.14Typo3 Typo3 4.3.6Typo3 Typo3 4.4Typo3 Typo3 4.4.1Typo3 Typo3 4.2.7Typo3 Typo3 4.2.8Typo3 Typo3 4.2.11Typo3 Typo3 4.2.12Typo3 Typo3 4.3.4Typo3 Typo3 4.3.5Typo3 Typo3 4.2.5Typo3 Typo3 4.2.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook