Typo3 » Typo3 : Security Vulnerabilities, CVEs, Published In 2006 CVSS score >= 1

CVE-2006-6690

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Max CVSS
7.5
EPSS Score
5.06%
Published
2006-12-21
Updated
2018-10-17

CVE-2006-5069

Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Max CVSS
2.6
EPSS Score
0.43%
Published
2006-09-28
Updated
2018-10-17

CVE-2006-0327

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.
Max CVSS
5.0
EPSS Score
0.67%
Published
2006-01-21
Updated
2018-10-19
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close