This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:typo3:typo3:3.7.0

Detail

Vendor: typo3
Product: typo3
Version: 3.7.0
Edition:
Language:
Update:
First view: 2005-12-31
Last view: 2015-09-16
Type: Application

CPE Product: cpe:/a:typo3:typo3

Related : CVE

| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 3.5 | 2015-09-16 | CVE-2015-5956 | Network | Medium | Requires ... |
| 4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3636 | Network | Medium | None Requ... |
| 6.8 | 2009-11-02 | CVE-2009-3635 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3633 | Network | Medium | None Requ... |
| 6.5 | 2009-11-02 | CVE-2009-3632 | Network | Low | Requires ... |
| 8.5 | 2009-11-02 | CVE-2009-3631 | Network | Medium | Requires ... |
| 5.5 | 2009-11-02 | CVE-2009-3630 | Network | Low | Requires ... |
| 3.5 | 2009-11-02 | CVE-2009-3629 | Network | Medium | Requires ... |
| 4 | 2009-11-02 | CVE-2009-3628 | Network | Low | Requires ... |
| 7.5 | 2009-04-03 | CVE-2008-6594 | Network | Low | None Requ... |
| 6.5 | 2007-12-14 | CVE-2007-6381 | Network | Low | Requires ... |
| 7.5 | 2007-02-22 | CVE-2007-1081 | Network | Low | None Requ... |
| 7.5 | 2006-12-21 | CVE-2006-6690 | Network | Low | None Requ... |
| 2.6 | 2006-09-27 | CVE-2006-5069 | Network | High | None Requ... |
| 7.5 | 2005-12-31 | CVE-2005-4875 | Network | Low | None Requ... |

CWE : Common Weakness Enumeration

| % | id | Name |
|---|---|---|
| 25% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 25% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (2) | CWE-287 | Improper Authentication |
| 16% (2) | CWE-200 | Information Exposure |
| 8% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 8% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |

Oval Markup Language : Definitions

| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:18535 | DSA-1439-1 typo3-src |
| oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several |

Open Source Vulnerability Database (OSVDB)

| id | Description |
|---|---|
| 59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS |
| 59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass |
| 59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS |
| 59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection |
| 59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution |
| 59485 | Typo3 Core Backend Unspecified Frame Hijacking |
| 59484 | Typo3 Core Backend Multiple Unspecified XSS |
| 59483 | Typo3 Core Backend tt_content Form Element Encryption Key Recalculation |
| 45094 | cm_rdfexport Extension for TYPO3 Multiple Unspecified SQL Injection |
| 39506 | TYPO3 indexed_search System Extension SQL Injection |
| 33471 | TYPO3 class.t3lib_formmail.php start Function Mail header Injection |
| 30890 | TYPO3 (class.tx_rtehtmlarea_pi1.php) spell-check-logic.php userUid Arbitrary ... |
| 29173 | TYPO3 Indexed Search Word XSS |
| 20936 | TYPO3 Debug Script phpinfo() Remote Information Disclosure |

OpenVAS Exploits

| Date | Name | File |
|---|---|---|
| 2009-11-11 | FreeBSD Ports: typo3 | nvt/freebsd_typo32.nasl |
| 2009-11-11 | Debian Security Advisory DSA 1926-1 (typo3-src) | nvt/deb_1926_1.nasl |
| 2008-09-04 | FreeBSD Ports: typo3 | nvt/freebsd_typo3.nasl |
| 2008-01-17 | Debian Security Advisory DSA 1439-1 (typo3-src) | nvt/deb_1439_1.nasl |

Snort® IPS/IDS

| Date | Description | RuleID | Type | Revision |
|---|---|---|---|---|
| 2016-03-14 | Typo3 CMS index cross site scripting attempt | 36366 | SERVER-WEBAPP | 1 |
| 2016-03-14 | Typo3 CMS show_rechis cross site scripting attempt | 36365 | SERVER-WEBAPP | 1 |
| 2016-03-14 | Typo3 CMS index cross site scripting attempt | 36364 | SERVER-WEBAPP | 1 |
| 2016-03-14 | Typo3 CMS show_rechis cross site scripting attempt | 36363 | SERVER-WEBAPP | 1 |

Nessus® Vulnerability Scanner

| Date | Name | File | Type |
|---|---|---|---|
| 2010-02-24 | The remote Debian host is missing a security-related update. | debian_DSA-1926.nasl | ACT_GATHER_INFO |
| 2009-11-06 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl | ACT_GATHER_INFO |
| 2007-12-31 | The remote Debian host is missing a security-related update. | debian_DSA-1439.nasl | ACT_GATHER_INFO |
| 2007-06-05 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_62b8f25312d911dca35c001485ab073e.nasl | ACT_GATHER_INFO |
| 2006-12-21 | The remote web server contains a PHP script that allows arbitrary command exe... | typo3_useruid_cmd_exec.nasl | ACT_ATTACK |