CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Typo3 : Security Vulnerabilities Published In 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5801 94 Exec Code 2008-12-31 2009-08-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
2 CVE-2008-5800 89 Exec Code Sql 2008-12-31 2009-08-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
3 CVE-2008-5799 79 XSS 2008-12-31 2009-08-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4 CVE-2008-5798 89 Exec Code Sql 2008-12-31 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2008-5797 89 Exec Code Sql 2008-12-31 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
6 CVE-2008-5796 89 Exec Code Sql 2008-12-31 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
7 CVE-2008-5795 79 XSS 2008-12-31 2009-08-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2008-5656 79 XSS 2008-12-17 2009-08-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
9 CVE-2008-5644 79 XSS 2008-12-17 2009-08-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
10 CVE-2008-5609 89 Exec Code Sql 2008-12-16 2008-12-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
11 CVE-2008-5096 200 +Info 2008-11-14 2008-11-17
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
12 CVE-2008-5087 89 Exec Code Sql 2008-11-14 2008-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
13 CVE-2008-4661 79 XSS 2008-10-21 2008-12-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14 CVE-2008-4660 89 Exec Code Sql 2008-10-21 2012-10-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
15 CVE-2008-4659 89 Exec Code Sql 2008-10-21 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
16 CVE-2008-4658 89 Exec Code Sql 2008-10-21 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17 CVE-2008-4657 89 Exec Code Sql 2008-10-21 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
18 CVE-2008-4656 89 Exec Code Sql 2008-10-21 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
19 CVE-2008-4655 89 Exec Code Sql 2008-10-21 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
20 CVE-2008-4188 94 Exec Code 2008-09-23 2009-02-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."
21 CVE-2008-3056 89 Exec Code Sql 2008-07-07 2009-05-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2008-3055 89 Exec Code Sql 2008-07-07 2009-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
23 CVE-2008-3054 89 Exec Code Sql 2008-07-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
24 CVE-2008-3053 89 Exec Code Sql 2008-07-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
25 CVE-2008-3052 399 DoS 2008-07-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors.
26 CVE-2008-3051 89 Exec Code Sql 2008-07-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
27 CVE-2008-3050 399 DoS 2008-07-07 2009-07-03
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors.
28 CVE-2008-3049 200 +Info 2008-07-07 2009-07-03
5.0
None Remote Low Not required Partial None None
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.
29 CVE-2008-3048 2008-07-07 2009-07-03
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."
30 CVE-2008-3047 264 2008-07-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
31 CVE-2008-3046 264 2008-07-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.
32 CVE-2008-3045 2008-07-07 2014-12-02
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Industry Database (aka Branchendatenbank pro_industrydb) extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."
33 CVE-2008-3044 89 Exec Code Sql 2008-07-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
34 CVE-2008-3043 94 Exec Code 2008-07-07 2009-03-18
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
35 CVE-2008-3042 264 2008-07-07 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."
36 CVE-2008-3041 264 2008-07-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control."
37 CVE-2008-3040 200 +Info 2008-07-07 2008-09-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
38 CVE-2008-3039 89 Exec Code Sql 2008-07-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
39 CVE-2008-3038 89 Exec Code Sql 2008-07-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
40 CVE-2008-3037 79 XSS 2008-07-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
41 CVE-2008-3032 79 XSS 2008-07-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
42 CVE-2008-3029 79 XSS 2008-07-07 2009-03-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
43 CVE-2008-3028 79 XSS 2008-07-07 2009-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
44 CVE-2008-2718 79 XSS 2008-06-16 2009-04-14
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
45 CVE-2008-2717 264 Bypass 2008-06-16 2009-04-14
6.5
None Remote Low Single system Partial Partial Partial
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
46 CVE-2008-2526 79 XSS 2008-06-03 2009-04-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
47 CVE-2008-2525 79 XSS 2008-06-03 2009-04-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2008-2490 79 XSS 2008-05-28 2008-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."
49 CVE-2008-2489 89 Exec Code Sql 2008-05-28 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
50 CVE-2008-2452 79 XSS 2008-05-27 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 57   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.