VuXML ID | Description |
a0d77bc8-c6a7-11e5-96d6-14dae9d210b8 | typo3 -- multiple vulnerabilities
TYPO3 Security Team reports:
It has been discovered that TYPO3 CMS is susceptible to
Cross-Site Scripting and Cross-Site Flashing.
Discovery 2015-12-15 Entry 2016-01-29 typo3
< 7.6.1
typo3-lts
< 6.2.16
http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/
|
c28ee9cd-916e-4dcf-8ed3-e97e5846db6c | typo3 -- Cross-Site Scripting Vulnerability in TYPO3 Core
Typo3 Security Report (TYPO3-CORE-SA-2012-003):
TYPO3 bundles and uses an external JavaScript and Flash Upload Library
called swfupload. TYPO3 can be configured to use this Flash uploader.
Input passed via the "movieName" parameter to swfupload.swf is not
properly sanitised before being used in a call to
"ExternalInterface.call()". This can be exploited to execute arbitrary
script code in a user's browser session in context of an affected site.
The existance of the swfupload library is sufficient to be vulnerable
to the reported problem.
Discovery 2012-07-04 Entry 2012-07-06 typo3
ge 4.5 lt 4.5.17
ge 4.6 lt 4.6.10
ge 4.7 lt 4.7.2
http://secunia.com/advisories/49780/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-003/
|
3caf4e6c-4cef-11e6-a15f-00248c0c745d | typo3 -- Missing access check in Extbase
TYPO3 reports:
Extbase request handling fails to implement a proper access check for
requested controller/ action combinations, which makes it possible for an
attacker to execute arbitrary Extbase actions by crafting a special request. To
successfully exploit this vulnerability, an attacker must have access to at
least one Extbase plugin or module action in a TYPO3 installation. The missing
access check inevitably leads to information disclosure or remote code
execution, depending on the action that an attacker is able to execute.
Discovery 2016-05-24 Entry 2016-07-18 typo3
< 7.6.8
typo3-lts
< 6.2.24
CVE-2016-5091
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
https://wiki.typo3.org/TYPO3_CMS_7.6.8
https://wiki.typo3.org/TYPO3_CMS_6.2.24
|
67516177-88ec-11e1-9a10-0023ae8e59f0 | typo -- Cross-Site Scripting
Typo Security Team reports:
Failing to properly encode the output, the default TYPO3
Exception Handler is susceptible to Cross-Site Scripting. We
are not aware of a possibility to exploit this vulnerability
without third party extensions being installed that put user
input in exception messages. However, it has come to our
attention that extensions using the extbase MVC framework can
be used to exploit this vulnerability if these extensions
accept objects in controller actions.
Discovery 2012-04-17 Entry 2012-04-18 typo3
ge 4.6.0 le 4.6.7
ge 4.5.0 le 4.5.14
ge 4.4.0 le 4.4.14
CVE-2012-2112
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
|
3c957a3e-2978-11e1-89b4-001ec9578670 | typo3 -- Remote Code Execution
The typo3 security team reports:
A crafted request to a vulnerable TYPO3 installation will allow
an attacker to load PHP code from an external source and to
execute it on the TYPO3 installation.
This is caused by a PHP file, which is part of the workspaces
system extension, that does not validate passed arguments.
Discovery 2011-12-16 Entry 2011-12-18 typo3
ge 4.6 lt 4.6.2
< 4.5.9
CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
|
b9a347ac-8671-11e2-b73c-0019d18c446a | typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports:
Extbase Framework - Failing to sanitize user input, the Extbase
database abstraction layer is susceptible to SQL Injection. TYPO3
sites which have no Extbase extensions installed are not affected.
Extbase extensions are affected if they use the Query Object Model
and relation values are user generated input. Credits go to Helmut
Hummel and Markus Opahle who discovered and reported the issue.
Access tracking mechanism - Failing to validate user provided
input, the access tracking mechanism allows redirects to arbitrary
URLs. To fix this vulnerability, we had to break existing
behaviour of TYPO3 sites that use the access tracking mechanism
(jumpurl feature) to transform links to external sites. The link
generation has been changed to include a hash that is checked
before redirecting to an external URL. This means that old links
that have been distributed (e.g. by a newsletter) will not work
any more.
Discovery 2013-03-06 Entry 2013-03-06 typo3
ge 4.5.0 lt 4.5.23
ge 4.6.0 lt 4.6.16
ge 4.7.0 lt 4.7.8
ge 6.0.0 lt 6.0.2
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/
|
79818ef9-2d10-11e2-9160-00262d5ed8ee | typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports:
TYPO3 Backend History Module - Due to missing encoding of user
input, the history module is susceptible to SQL Injection and
Cross-Site Scripting. A valid backend login is required to exploit
this vulnerability. Credits go to Thomas Worm who discovered and
reported the issue.
TYPO3 Backend API - Failing to properly HTML-encode user input the
tree render API (TCA-Tree) is susceptible to Cross-Site Scripting.
TYPO3 Versions below 6.0 does not make us of this API, thus is not
exploitable, if no third party extension is installed which uses
this API. A valid backend login is required to exploit this
vulnerability. Credits go to Richard Brain who discovered and
reported the issue.
Discovery 2012-11-08 Entry 2012-11-12 typo3
ge 4.5.0 lt 4.5.21
ge 4.6.0 lt 4.6.14
ge 4.7.0 lt 4.7.6
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
|
e6839625-fdfa-11e2-9430-20cf30e32f6d | typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports:
It has been discovered that TYPO3 Core is vulnerable to
Cross-Site Scripting and Remote Code Execution.
TYPO3 bundles flash files for video and audio playback. Old
versions of FlowPlayer and flashmedia are susceptible to
Cross-Site Scripting. No authentication is required to exploit
this vulnerability.
The file upload component and the File Abstraction Layer are
failing to check for denied file extensions, which allows
authenticated editors (even with limited permissions) to
upload php files with arbitrary code, which can then be
executed in web server's context.
Discovery 2013-07-30 Entry 2013-08-05 typo3
ge 4.5.0 lt 4.5.29
ge 4.7.0 lt 4.7.14
ge 6.1.0 lt 6.1.3
CVE-2011-3642
CVE-2013-1464
|
48bcb4b2-e708-11e1-a59d-000d601460a4 | typo3 -- Multiple vulernabilities in TYPO3 Core
Typo Security Team reports:
It has been discovered that TYPO3 Core is vulnerable to Cross-Site
Scripting, Information Disclosure, Insecure Unserialize leading to
Arbitrary Code Execution.
TYPO3 Backend Help System - Due to a missing signature (HMAC) for a
parameter in the view_help.php file, an attacker could unserialize
arbitrary objects within TYPO3. We are aware of a working exploit,
which can lead to arbitrary code execution. A valid backend user
login or multiple successful cross site request forgery attacks are
required to exploit this vulnerability.
TYPO3 Backend - Failing to properly HTML-encode user input in
several places, the TYPO3 backend is susceptible to Cross-Site
Scripting. A valid backend user is required to exploit these
vulnerabilities.
TYPO3 Backend - Accessing the configuration module discloses the
Encryption Key. A valid backend user with access to the
configuration module is required to exploit this vulnerability.
TYPO3 HTML Sanitizing API - By not removing several HTML5
JavaScript events, the API method t3lib_div::RemoveXSS() fails to
filter specially crafted HTML injections, thus is susceptible to
Cross-Site Scripting. Failing to properly encode for JavaScript the
API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site
Scripting.
TYPO3 Install Tool - Failing to properly sanitize user input, the
Install Tool is susceptible to Cross-Site Scripting.
Discovery 2012-08-15 Entry 2012-08-15 typo3
ge 4.5.0 lt 4.5.19
ge 4.6.0 lt 4.6.12
ge 4.7.0 lt 4.7.4
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
|