Typo3

Typo3

219 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-5644

  • EPSS 0.36%
  • Veröffentlicht 17.12.2008 18:30:01
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

6.5

CVE-2008-2717

  • EPSS 0.21%
  • Veröffentlicht 16.06.2008 22:41:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htacces...

4.3

CVE-2008-2718

  • EPSS 0.34%
  • Veröffentlicht 16.06.2008 22:41:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attac...

6.5

CVE-2007-6381

  • EPSS 1.12%
  • Veröffentlicht 15.12.2007 02:46:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

7.5

CVE-2007-1081

  • EPSS 0.7%
  • Veröffentlicht 22.02.2007 23:28:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

7.5

CVE-2006-6690

Exploit
  • EPSS 21.04%
  • Veröffentlicht 21.12.2006 21:28:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to r...

2.6

CVE-2006-5069

  • EPSS 0.56%
  • Veröffentlicht 28.09.2006 00:07:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

5

CVE-2006-0327

Exploit
  • EPSS 1.9%
  • Veröffentlicht 21.01.2006 00:03:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require ...

7.5

CVE-2005-4875

  • EPSS 0.16%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.