National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:typo3:typo3:8.7.4
There are 225 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2010-1017

SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1016

SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1015

SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1014

Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-1013

SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1012

SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1011

Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-1010

SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1009

SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1008

Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-1007

Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2010-1006

SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2010-1005

Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2010-1004

SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 19, 2010; 03:00:00 PM -04:00
    V2: 7.5 HIGH
CVE-2009-4711

SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.

Published: March 15, 2010; 05:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2009-4710

SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 05:30:01 PM -04:00
    V2: 7.5 HIGH
CVE-2009-4709

SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 05:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2009-4708

SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: March 15, 2010; 05:30:00 PM -04:00
    V2: 7.5 HIGH
CVE-2009-4707

Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 15, 2010; 05:30:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2009-4706

Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: March 15, 2010; 05:30:00 PM -04:00
    V2: 4.3 MEDIUM