This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


CPE Name: cpe:/a:typo3:typo3:4.0.5
Vendor: typo3
Product: typo3
CPE Product: cpe:/a:typo3:typo3
First view: 2007-12-14
Last view: 2014-06-03

Activity : Overall

Related : CVE

| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3636 | Network | Medium | None Requ... |
| 6.8 | 2009-11-02 | CVE-2009-3635 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3633 | Network | Medium | None Requ... |
| 6.5 | 2009-11-02 | CVE-2009-3632 | Network | Low | Requires ... |
| 8.5 | 2009-11-02 | CVE-2009-3631 | Network | Medium | Requires ... |
| 5.5 | 2009-11-02 | CVE-2009-3630 | Network | Low | Requires ... |
| 3.5 | 2009-11-02 | CVE-2009-3629 | Network | Medium | Requires ... |
| 4 | 2009-11-02 | CVE-2009-3628 | Network | Low | Requires ... |
| 7.5 | 2009-04-03 | CVE-2008-6594 | Network | Low | None Requ... |
| 4.3 | 2009-03-04 | CVE-2009-0816 | Network | Medium | None Requ... |
| 10 | 2009-01-22 | CVE-2009-0258 | Network | Low | None Requ... |
| 4.3 | 2009-01-22 | CVE-2009-0257 | Network | Medium | None Requ... |
| 7.5 | 2009-01-22 | CVE-2009-0256 | Network | Low | None Requ... |
| 5 | 2009-01-22 | CVE-2009-0255 | Network | Low | None Requ... |
| 4.3 | 2008-06-16 | CVE-2008-2718 | Network | Medium | None Requ... |
| 6.5 | 2008-06-16 | CVE-2008-2717 | Network | Low | Requires ... |
| 6.5 | 2007-12-14 | CVE-2007-6381 | Network | Low | Requires ... |

CWE : Common Weakness Enumeration

29% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
17% (3) | CWE-287 | Improper Authentication
17% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('...
5% (1) | CWE-352 | Cross-Site Request Forgery (CSRF)
5% (1) | CWE-310 | Cryptographic Issues
5% (1) | CWE-264 | Permissions, Privileges, and Access Controls
5% (1) | CWE-200 | Information Exposure
5% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection')
5% (1) | CWE-20 | Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

CAPEC-59 | Session Credential Falsification through Prediction
CAPEC-112 | Brute Force
CAPEC-281 | Analytic Attacks

Oval Markup Language : Definitions

oval:org.mitre.oval:def:18535 | DSA-1439-1 typo3-src
oval:org.mitre.oval:def:7834 | DSA-1596 typo3 -- several vulnerabilities
oval:org.mitre.oval:def:18363 | DSA-1596-1 typo3-src - several vulnerabilities
oval:org.mitre.oval:def:8128 | DSA-1711 typo3-src -- several vulnerabilities
oval:org.mitre.oval:def:13135 | DSA-1711-1 typo3-src -- several
oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities
oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several

Open Source Vulnerability Database (OSVDB)

59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS
59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass
59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS
59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection
59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution
59485 | Typo3 Core Backend Unspecified Frame Hijacking
59484 | Typo3 Core Backend Multiple Unspecified XSS
59483 | Typo3 Core Backend tt_content Form Element Encryption Key Recalculation
53544 | Typo3 Workspace Module Unspecified XSS
53543 | Typo3 ADOdb System Extension test.php ADODB_vers Parameter XSS
53542 | Typo3 Indexed Search Engine (indexed_search) Indexed File XSS
53541 | Typo3 Authentication Library Session ID Re-use Session Fixation
52050 | TYPO3 Backend Unspecified XSS
51536 | TYPO3 System Extension Install Tool Encryption Key Random Seed Weakness
51535 | Indexed Search Engine System Extension for TYPO3 Unspecified Arbitrary Comman...
46286 | TYPO3 Unspecified XSS
46285 | TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
45094 | cm_rdfexport Extension for TYPO3 Multiple Unspecified SQL Injection
39506 | TYPO3 indexed_search System Extension SQL Injection

OpenVAS Exploits

2009-11-11 | Name: FreeBSD Ports: typo3 | File: nvt/freebsd_typo32.nasl
2009-11-11 | Name: Debian Security Advisory DSA 1926-1 (typo3-src) | File: nvt/deb_1926_1.nasl
2009-02-13 | Name: FreeBSD Ports: typo3 | File: nvt/freebsd_typo30.nasl
2009-02-13 | Name: FreeBSD Ports: typo3 | File: nvt/freebsd_typo31.nasl
2009-02-13 | Name: Debian Security Advisory DSA 1720-1 (typo3-src) | File: nvt/deb_1720_1.nasl
2009-02-02 | Name: Debian Security Advisory DSA 1711-1 (typo3-src) | File: nvt/deb_1711_1.nasl
2008-06-28 | Name: Debian Security Advisory DSA 1596-1 (typo3) | File: nvt/deb_1596_1.nasl
2008-01-17 | Name: Debian Security Advisory DSA 1439-1 (typo3-src) | File: nvt/deb_1439_1.nasl

Nessus® Vulnerability Scanner

2010-02-24 | Name: The remote Debian host is missing a security-related update. | File: debian_DSA-1926.nasl - Type: ACT_GATHER_INFO
2009-11-06 | Name: The remote FreeBSD host is missing a security-related update. | File: freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl - Type: ACT_GATHER_INFO
2009-02-12 | Name: The remote Debian host is missing a security-related update. | File: debian_DSA-1720.nasl - Type: ACT_GATHER_INFO
2009-02-12 | Name: The remote FreeBSD host is missing a security-related update. | File: freebsd_pkg_cc47fafef82311dd94d90030843d3802.nasl - Type: ACT_GATHER_INFO
2009-02-09 | Name: The remote FreeBSD host is missing a security-related update. | File: freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl - Type: ACT_GATHER_INFO
2009-01-27 | Name: The remote Debian host is missing a security-related update. | File: debian_DSA-1711.nasl - Type: ACT_GATHER_INFO
2008-06-16 | Name: The remote Debian host is missing a security-related update. | File: debian_DSA-1596.nasl - Type: ACT_GATHER_INFO
2007-12-31 | Name: The remote Debian host is missing a security-related update. | File: debian_DSA-1439.nasl - Type: ACT_GATHER_INFO