Summary
Detail | |||
---|---|---|---|
Vendor | typo3 | First view | 2005-12-31 |
Product | typo3 | Last view | 2023-12-25 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.9 | 2023-12-25 | CVE-2023-30451 | In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. |
5.4 | 2023-11-14 | CVE-2023-47127 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
5.3 | 2023-11-14 | CVE-2023-47126 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic†non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
6.1 | 2023-11-14 | CVE-2023-47125 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
5.3 | 2023-07-25 | CVE-2023-38499 | TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. |
6.1 | 2023-02-07 | CVE-2023-24814 | TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation. |
4.9 | 2022-12-14 | CVE-2022-23504 | TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. |
8.8 | 2022-12-14 | CVE-2022-23503 | TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. |
5.4 | 2022-12-14 | CVE-2022-23502 | TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1. |
6.5 | 2022-12-14 | CVE-2022-23501 | TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. |
7.5 | 2022-12-14 | CVE-2022-23500 | TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1. |
6.1 | 2022-09-13 | CVE-2022-36108 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. |
5.4 | 2022-09-13 | CVE-2022-36107 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. |
5.4 | 2022-09-13 | CVE-2022-36106 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. |
5.3 | 2022-09-13 | CVE-2022-36105 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue. |
7.5 | 2022-09-13 | CVE-2022-36104 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue. |
7.2 | 2022-06-14 | CVE-2022-31050 | TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. |
5.4 | 2022-06-14 | CVE-2022-31049 | TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. |
5.4 | 2022-06-14 | CVE-2022-31048 | TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. |
6.5 | 2022-06-14 | CVE-2022-31047 | TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. |
4.3 | 2022-06-14 | CVE-2022-31046 | TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. |
5.3 | 2021-10-05 | CVE-2021-41114 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability. |
8.8 | 2021-10-05 | CVE-2021-41113 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described. |
6.1 | 2021-08-10 | CVE-2021-32768 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described. |
6.5 | 2021-07-20 | CVE-2021-32767 | TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
36% (66) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
9% (17) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
9% (17) | CWE-20 | Improper Input Validation |
6% (12) | CWE-200 | Information Exposure |
5% (9) | CWE-287 | Improper Authentication |
3% (7) | CWE-264 | Permissions, Privileges, and Access Controls |
3% (6) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
2% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
2% (4) | CWE-502 | Deserialization of Untrusted Data |
2% (4) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
1% (3) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
1% (2) | CWE-674 | Uncontrolled Recursion |
1% (2) | CWE-613 | Insufficient Session Expiration |
1% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
1% (2) | CWE-330 | Use of Insufficiently Random Values |
1% (2) | CWE-319 | Cleartext Transmission of Sensitive Information |
1% (2) | CWE-312 | Cleartext Storage of Sensitive Information |
1% (2) | CWE-203 | Information Exposure Through Discrepancy |
0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (1) | CWE-644 | Improper Sanitization of HTTP Headers for Scripting Syntax |
0% (1) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
0% (1) | CWE-552 | Files or Directories Accessible to External Parties |
0% (1) | CWE-532 | Information Leak Through Log Files |
0% (1) | CWE-405 | Asymmetric Resource Consumption (Amplification) |
0% (1) | CWE-399 | Resource Management Errors |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-112 | Brute Force |
CAPEC-281 | Analytic Attacks |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:18535 | DSA-1439-1 typo3-src |
oval:org.mitre.oval:def:7834 | DSA-1596 typo3 -- several vulnerabilities |
oval:org.mitre.oval:def:18363 | DSA-1596-1 typo3-src - several vulnerabilities |
oval:org.mitre.oval:def:8128 | DSA-1711 typo3-src -- several vulnerabilities |
oval:org.mitre.oval:def:13135 | DSA-1711-1 typo3-src -- several |
oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities |
oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several |
oval:org.mitre.oval:def:19260 | DSA-2455-1 typo3-src - cross site scripting |
oval:org.mitre.oval:def:20092 | DSA-2445-1 typo3-src - several |
oval:org.mitre.oval:def:19962 | DSA-2537-1 typo3-src - several |
oval:org.mitre.oval:def:20089 | DSA-2646-1 typo3-src - several |
oval:org.mitre.oval:def:19903 | DSA-2574-1 typo3-src - several |
oval:org.mitre.oval:def:21057 | DSA-2834-1 typo3-src - several |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
75584 | TYPO3 Unspecified SQL Injection |
69219 | TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo... |
69218 | TYPO3 Extension Manager Unspecified Arbitrary File Access |
68593 | TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary... |
68592 | TYPO3 Taskcenter sys_action Task Arbitrary User Creation |
68591 | TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS |
68590 | TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A... |
66693 | AJAX Chat Extension for TYPO3 Unspecified SQL Injection |
66692 | t3m_affiliate Extension for TYPO3 Unspecified SQL Injection |
66691 | Solidbase Bannermanagement Extension for TYPO3 Unspecified SQL Injection |
66690 | Event Registration Extension for TYPO3 Unspecified SQL Injection |
66689 | Car Extension for TYPO3 Unspecified SQL Injection |
66688 | AST ZipCodeSearch Extension for TYPO3 Unspecified SQL Injection |
66687 | AIRware Lexicon Extension for TYPO3 Unspecified SQL Injection |
66685 | Commerce Extension for TYPO3 Unspecified XSS |
66682 | T3M E-Mail Marketing Tool for TYPO3 Unspecified SQL Injection |
64565 | TYPO3 index.php showUid Parameter SQL Injection |
63602 | TYPO3 Autoloader Unspecified Arbitrary PHP Code Execution |
61680 | TYPO3 OpenID System Extension Backend Login Authentication Bypass |
59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS |
59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass |
59489 | Typo3 Core Frontend Login Box (felogin) Unspecified XSS |
59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS |
59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection |
59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution |
ExploitDB Exploits
id | Description |
---|---|
15856 | TYPO3 Unauthenticated Arbitrary File Retrieval |
OpenVAS Exploits
id | Description |
---|---|
2012-09-07 | Name : Debian Security Advisory DSA 2537-1 (typo3-src) File : nvt/deb_2537_1.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2445-1 (typo3-src) File : nvt/deb_2445_1.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2455-1 (typo3-src) File : nvt/deb_2455_1.nasl |
2012-04-30 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo34.nasl |
2012-02-22 | Name : TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability File : nvt/secpod_typo3_back_path_lfi_vuln.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2121-1 (typo3-src) File : nvt/deb_2121_1.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1926-1 (typo3-src) File : nvt/deb_1926_1.nasl |
2009-11-11 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo32.nasl |
2009-02-13 | Name : Debian Security Advisory DSA 1720-1 (typo3-src) File : nvt/deb_1720_1.nasl |
2009-02-13 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo30.nasl |
2009-02-13 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo31.nasl |
2009-02-02 | Name : Debian Security Advisory DSA 1711-1 (typo3-src) File : nvt/deb_1711_1.nasl |
2008-09-04 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo3.nasl |
2008-06-28 | Name : Debian Security Advisory DSA 1596-1 (typo3) File : nvt/deb_1596_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1439-1 (typo3-src) File : nvt/deb_1439_1.nasl |
0000-00-00 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo33.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Typo3 CMS index cross site scripting attempt RuleID : 36366 - Type : SERVER-WEBAPP - Revision : 3 |
2016-03-14 | Typo3 CMS show_rechis cross site scripting attempt RuleID : 36365 - Type : SERVER-WEBAPP - Revision : 3 |
2016-03-14 | Typo3 CMS index cross site scripting attempt RuleID : 36364 - Type : SERVER-WEBAPP - Revision : 2 |
2016-03-14 | Typo3 CMS show_rechis cross site scripting attempt RuleID : 36363 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2016-08-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1022.nasl - Type: ACT_GATHER_INFO |
2016-08-22 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1002.nasl - Type: ACT_GATHER_INFO |
2016-08-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-959.nasl - Type: ACT_GATHER_INFO |
2016-07-20 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_3caf4e6c4cef11e6a15f00248c0c745d.nasl - Type: ACT_GATHER_INFO |
2015-02-27 | Name: The remote host is affected by a URL spoofing vulnerability. File: typo3_link_spoofing.nasl - Type: ACT_ATTACK |
2015-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3164.nasl - Type: ACT_GATHER_INFO |
2014-06-19 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-429.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-232.nasl - Type: ACT_GATHER_INFO |
2014-01-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2834.nasl - Type: ACT_GATHER_INFO |
2013-03-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2646.nasl - Type: ACT_GATHER_INFO |
2012-11-16 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2574.nasl - Type: ACT_GATHER_INFO |
2012-08-31 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2537.nasl - Type: ACT_GATHER_INFO |
2012-04-23 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2455.nasl - Type: ACT_GATHER_INFO |
2012-04-19 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_6751617788ec11e19a100023ae8e59f0.nasl - Type: ACT_GATHER_INFO |
2012-04-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2445.nasl - Type: ACT_GATHER_INFO |
2011-12-23 | Name: The remote web server contains a PHP script that is affected by a remote file... File: typo3_462_rfi.nasl - Type: ACT_ATTACK |
2011-12-19 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_3c957a3e297811e189b4001ec9578670.nasl - Type: ACT_GATHER_INFO |
2010-10-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2121.nasl - Type: ACT_GATHER_INFO |
2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1926.nasl - Type: ACT_GATHER_INFO |
2009-11-06 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl - Type: ACT_GATHER_INFO |
2009-02-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1720.nasl - Type: ACT_GATHER_INFO |
2009-02-12 | Name: The remote web server contains a PHP script that is affected by an informatio... File: typo3_jumpurl_info_disclosure.nasl - Type: ACT_ATTACK |
2009-02-12 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_cc47fafef82311dd94d90030843d3802.nasl - Type: ACT_GATHER_INFO |
2009-02-09 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl - Type: ACT_GATHER_INFO |
2009-01-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1711.nasl - Type: ACT_GATHER_INFO |