FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
3c957a3e-2978-11e1-89b4-001ec9578670  typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
>= 4.6, < 4.6.2

< 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
3caf4e6c-4cef-11e6-a15f-00248c0c745d  typo3 -- Missing access check in Extbase

TYPO3 reports:

Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.


Discovery 2016-05-24
Entry 2016-07-18
typo3
< 7.6.8

typo3-lts
< 6.2.24

CVE-2016-5091
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
https://wiki.typo3.org/TYPO3_CMS_7.6.8
https://wiki.typo3.org/TYPO3_CMS_6.2.24
6693bad2-ca50-11de-8ee8-00215c6a37bb  typo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports:

Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below.

SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.


Discovery 2009-10-22
Entry 2009-11-05
typo3
< 4.2.10

36801
CVE-2009-3628
CVE-2009-3629
CVE-2009-3630
CVE-2009-3631
CVE-2009-3632
CVE-2009-3633
CVE-2009-3634
CVE-2009-3635
CVE-2009-3636
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
http://secunia.com/advisories/37122/
653606e9-f6ac-11dd-94d9-0030843d3802  typo3 -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system.

The "Install tool" system extension uses insufficiently random entropy sources to generate an encryption key, resulting in weak security.

The authentication library does not properly invalidate supplied session tokens, which can be exploited to hijack a user's session.

Certain unspecified input passed to the "Indexed Search Engine" system extension is not properly sanitised before being used to invoke commands. This can be exploited to inject and execute arbitrary shell commands.

Input passed via the name and content of files to the "Indexed Search Engine" system extension is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Certain unspecified input passed to the Workspace module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Note: It is also reported that certain unspecified input passed to test scripts of the "ADOdb" system extension is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website.


Discovery 2009-02-07
Entry 2009-02-09
Modified 2013-06-19
typo3
< 4.2.4

CVE-2009-0255
CVE-2009-0256
CVE-2009-0257
CVE-2009-0258
http://secunia.com/advisories/33617/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
a0d77bc8-c6a7-11e5-96d6-14dae9d210b8  typo3 -- multiple vulnerabilities

TYPO3 Security Team reports:

It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting and Cross-Site Flashing.


Discovery 2015-12-15
Entry 2016-01-29
typo3
< 7.6.1

typo3-lts
< 6.2.16

http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/
cc47fafe-f823-11dd-94d9-0030843d3802  typo3 -- cross-site scripting and information disclosure

Secunia reports:

Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

Input passed via unspecified fields to the backend user interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

An error in the "jumpUrl" mechanism can be exploited to read arbitrary files from local resources by disclosing a hash secret used to restrict file access.


Discovery 2009-02-10
Entry 2009-02-11
Modified 2010-05-02
typo3
< 4.2.6

CVE-2009-0815
CVE-2009-0816
http://secunia.com/advisories/33829/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/