- EPSS 3.31%
- Veröffentlicht 22.01.2009 23:30:04
- Zuletzt bearbeitet 16.06.2026 23:04:36
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which...
CVE-2009-0255
- EPSS 9.44%
- Veröffentlicht 22.01.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:35
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
CVE-2008-5656
- EPSS 1.05%
- Veröffentlicht 17.12.2008 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:00:44
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-5644
- EPSS 1.09%
- Veröffentlicht 17.12.2008 18:30:01
- Zuletzt bearbeitet 16.06.2026 23:00:43
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2008-2717
- EPSS 3.02%
- Veröffentlicht 16.06.2008 22:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:18
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htacces...
CVE-2008-2718
- EPSS 1.81%
- Veröffentlicht 16.06.2008 22:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:18
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attac...
CVE-2007-6381
- EPSS 1.34%
- Veröffentlicht 15.12.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:56
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-1081
- EPSS 1.4%
- Veröffentlicht 22.02.2007 23:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:54
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
CVE-2006-6690
- EPSS 5.98%
- Veröffentlicht 21.12.2006 21:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:36
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to r...
CVE-2006-5069
- EPSS 1.34%
- Veröffentlicht 28.09.2006 00:07:00
- Zuletzt bearbeitet 16.06.2026 22:30:26
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.