This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:typo3:typo3:3.3.x
Detail
Vendor: typo3
Product: typo3
Version: 3.3.x
Type: Application
First view: 2009-03-04
Last view: 2009-11-02
Edition:
Language:
Update:

CPE Product: cpe:/a:typo3:typo3

Activity : Overall

Related : CVE

     Date        Alert          Access Vector  Access Complexity  Authentication
4.3  2009-11-02  CVE-2009-3636  Network        Medium             None Requ...
6.8  2009-11-02  CVE-2009-3635  Network        Medium             None Requ...
4.3  2009-11-02  CVE-2009-3633  Network        Medium             None Requ...
8.5  2009-11-02  CVE-2009-3631  Network        Medium             Requires ...
5.5  2009-11-02  CVE-2009-3630  Network        Low                Requires ...
4    2009-11-02  CVE-2009-3628  Network        Low                Requires ...
7.5  2009-04-03  CVE-2008-6594  Network        Low                None Requ...
5    2009-03-04  CVE-2009-0815  Network        Low                None Requ...

CWE : Common Weakness Enumeration

%        id       Name
28% (2)  CWE-200  Information Exposure
14% (1)  CWE-352  Cross-Site Request Forgery (CSRF)
14% (1)  CWE-287  Improper Authentication
14% (1)  CWE-94   Failure to Control Generation of Code ('Code Injection')
14% (1)  CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('...
14% (1)  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')

Oval Markup Language : Definitions

Oval ID                        Name
oval:org.mitre.oval:def:7703   DSA-1926 typo3-src -- several vulnerabilities
oval:org.mitre.oval:def:13360  DSA-1926-1 typo3-src -- several

Open Source Vulnerability Database (OSVDB)

id     Description
59491  Typo3 Core Install Tool Unspecified URL Parameter XSS
59490  Typo3 Core Install Tool MD5 Hash Authentication Bypass
59488  Typo3 Core t3lib_div::quoteJSvalue API Function XSS
59486  Typo3 Core Backend Crafted File Upload Arbitrary Command Execution
59485  Typo3 Core Backend Unspecified Frame Hijacking
59483  Typo3 Core Backend tt_content Form Element Encryption Key Recalculation
52048  TYPO3 class.tslib_fe.php 3 jump_url Function Arbitrary File Access
45094  cm_rdfexport Extension for TYPO3 Multiple Unspecified SQL Injection

Metasploit Exploits

id          Description
2009-02-10  Typo3 sa-2009-002 File Disclosure

OpenVAS Exploits

id          Description
2009-11-11  Name : FreeBSD Ports: typo3
            File : nvt/freebsd_typo32.nasl
2009-11-11  Name : Debian Security Advisory DSA 1926-1 (typo3-src)
            File : nvt/deb_1926_1.nasl
2009-02-13  Name : FreeBSD Ports: typo3
            File : nvt/freebsd_typo30.nasl
2009-02-13  Name : Debian Security Advisory DSA 1720-1 (typo3-src)
            File : nvt/deb_1720_1.nasl

Nessus® Vulnerability Scanner

id          Description
2010-02-24  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-1926.nasl - Type : ACT_GATHER_INFO
2009-11-06  Name : The remote FreeBSD host is missing a security-related update.
            File : freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-02-12  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-1720.nasl - Type : ACT_GATHER_INFO
2009-02-12  Name : The remote FreeBSD host is missing a security-related update.
            File : freebsd_pkg_cc47fafef82311dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO
2009-02-12  Name : The remote web server contains a PHP script that is prone to an information d...
            File : typo3_jumpurl_info_disclosure.nasl - Type : ACT_ATTACK