This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:typo3:typo3:4.0.5

Detail

Vendor: typo3
Product: typo3
Version: 4.0.5
Type: Application
First view: 2007-12-14
Last view: 2014-06-03
Edition:
Language:
Update:

CPE Product: cpe:/a:typo3:typo3

Activity : Overall

Related : CVE

| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3636 | Network | Medium | None Requ... |
| 6.8 | 2009-11-02 | CVE-2009-3635 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3633 | Network | Medium | None Requ... |
| 6.5 | 2009-11-02 | CVE-2009-3632 | Network | Low | Requires ... |
| 8.5 | 2009-11-02 | CVE-2009-3631 | Network | Medium | Requires ... |
| 5.5 | 2009-11-02 | CVE-2009-3630 | Network | Low | Requires ... |
| 3.5 | 2009-11-02 | CVE-2009-3629 | Network | Medium | Requires ... |
| 4 | 2009-11-02 | CVE-2009-3628 | Network | Low | Requires ... |
| 7.5 | 2009-04-03 | CVE-2008-6594 | Network | Low | None Requ... |
| 4.3 | 2009-03-04 | CVE-2009-0816 | Network | Medium | None Requ... |
| 10 | 2009-01-22 | CVE-2009-0258 | Network | Low | None Requ... |
| 4.3 | 2009-01-22 | CVE-2009-0257 | Network | Medium | None Requ... |
| 7.5 | 2009-01-22 | CVE-2009-0256 | Network | Low | None Requ... |
| 5 | 2009-01-22 | CVE-2009-0255 | Network | Low | None Requ... |
| 4.3 | 2008-06-16 | CVE-2008-2718 | Network | Medium | None Requ... |
| 6.5 | 2008-06-16 | CVE-2008-2717 | Network | Low | Requires ... |
| 6.5 | 2007-12-14 | CVE-2007-6381 | Network | Low | Requires ... |

CWE : Common Weakness Enumeration

| % | id | Name |
|---|---|---|
| 29% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 17% (3) | CWE-287 | Improper Authentication |
| 17% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 5% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 5% (1) | CWE-310 | Cryptographic Issues |
| 5% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 5% (1) | CWE-200 | Information Exposure |
| 5% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 5% (1) | CWE-20 | Improper Input Validation |

CAPEC : Common Attack Pattern Enumeration & Classification

| id | Name |
|---|---|
| CAPEC-59 | Session Credential Falsification through Prediction |
| CAPEC-112 | Brute Force |
| CAPEC-281 | Analytic Attacks |

Oval Markup Language : Definitions

| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:18535 | DSA-1439-1 typo3-src |
| oval:org.mitre.oval:def:7834 | DSA-1596 typo3 -- several vulnerabilities |
| oval:org.mitre.oval:def:18363 | DSA-1596-1 typo3-src - several vulnerabilities |
| oval:org.mitre.oval:def:8128 | DSA-1711 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13135 | DSA-1711-1 typo3-src -- several |
| oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several |

Open Source Vulnerability Database (OSVDB)

| id | Description |
|---|---|
| 59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS |
| 59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass |
| 59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS |
| 59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection |
| 59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution |
| 59485 | Typo3 Core Backend Unspecified Frame Hijacking |
| 59484 | Typo3 Core Backend Multiple Unspecified XSS |
| 59483 | Typo3 Core Backend tt_content Form Element Encryption Key Recalculation |
| 53544 | Typo3 Workspace Module Unspecified XSS |
| 53543 | Typo3 ADOdb System Extension test.php ADODB_vers Parameter XSS |
| 53542 | Typo3 Indexed Search Engine (indexed_search) Indexed File XSS |
| 53541 | Typo3 Authentication Library Session ID Re-use Session Fixation |
| 52050 | TYPO3 Backend Unspecified XSS |
| 51536 | TYPO3 System Extension Install Tool Encryption Key Random Seed Weakness |
| 51535 | Indexed Search Engine System Extension for TYPO3 Unspecified Arbitrary Comman... |
| 46286 | TYPO3 fe_adminlib.inc Unspecified XSS |
| 46285 | TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution |
| 45094 | cm_rdfexport Extension for TYPO3 Multiple Unspecified SQL Injection |
| 39506 | TYPO3 indexed_search System Extension SQL Injection |

OpenVAS Exploits

| Date | Name | File |
|---|---|---|
| 2009-11-11 | FreeBSD Ports: typo3 | nvt/freebsd_typo32.nasl |
| 2009-11-11 | Debian Security Advisory DSA 1926-1 (typo3-src) | nvt/deb_1926_1.nasl |
| 2009-02-13 | FreeBSD Ports: typo3 | nvt/freebsd_typo30.nasl |
| 2009-02-13 | FreeBSD Ports: typo3 | nvt/freebsd_typo31.nasl |
| 2009-02-13 | Debian Security Advisory DSA 1720-1 (typo3-src) | nvt/deb_1720_1.nasl |
| 2009-02-02 | Debian Security Advisory DSA 1711-1 (typo3-src) | nvt/deb_1711_1.nasl |
| 2008-06-28 | Debian Security Advisory DSA 1596-1 (typo3) | nvt/deb_1596_1.nasl |
| 2008-01-17 | Debian Security Advisory DSA 1439-1 (typo3-src) | nvt/deb_1439_1.nasl |

Nessus® Vulnerability Scanner

| Date | Name | File | Type |
|---|---|---|---|
| 2010-02-24 | The remote Debian host is missing a security-related update. | debian_DSA-1926.nasl | ACT_GATHER_INFO |
| 2009-11-06 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl | ACT_GATHER_INFO |
| 2009-02-12 | The remote Debian host is missing a security-related update. | debian_DSA-1720.nasl | ACT_GATHER_INFO |
| 2009-02-12 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_cc47fafef82311dd94d90030843d3802.nasl | ACT_GATHER_INFO |
| 2009-02-09 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl | ACT_GATHER_INFO |
| 2009-01-27 | The remote Debian host is missing a security-related update. | debian_DSA-1711.nasl | ACT_GATHER_INFO |
| 2008-06-16 | The remote Debian host is missing a security-related update. | debian_DSA-1596.nasl | ACT_GATHER_INFO |
| 2007-12-31 | The remote Debian host is missing a security-related update. | debian_DSA-1439.nasl | ACT_GATHER_INFO |