This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:typo3:typo3:4.0.5 |
| Detail | |||
|---|---|---|---|
| Vendor | typo3 | First view | 2007-12-14 |
| Product | typo3 | Last view | 2014-06-03 |
| Version | 4.0.5 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:typo3:typo3 | ||
Activity : Overall
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... | |
| 4.3 | 2009-11-02 | CVE-2009-3636 | Network | Medium | None Requ... | |
| 6.8 | 2009-11-02 | CVE-2009-3635 | Network | Medium | None Requ... | |
| 4.3 | 2009-11-02 | CVE-2009-3633 | Network | Medium | None Requ... | |
| 6.5 | 2009-11-02 | CVE-2009-3632 | Network | Low | Requires ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 8.5 | 2009-11-02 | CVE-2009-3631 | Network | Medium | Requires ... | |
| 5.5 | 2009-11-02 | CVE-2009-3630 | Network | Low | Requires ... | |
| 3.5 | 2009-11-02 | CVE-2009-3629 | Network | Medium | Requires ... | |
| 4 | 2009-11-02 | CVE-2009-3628 | Network | Low | Requires ... | |
| 7.5 | 2009-04-03 | CVE-2008-6594 | Network | Low | None Requ... | |
| 4.3 | 2009-03-04 | CVE-2009-0816 | Network | Medium | None Requ... | |
| 10 | 2009-01-22 | CVE-2009-0258 | Network | Low | None Requ... | |
| 4.3 | 2009-01-22 | CVE-2009-0257 | Network | Medium | None Requ... | |
| 7.5 | 2009-01-22 | CVE-2009-0256 | Network | Low | None Requ... | |
| 5 | 2009-01-22 | CVE-2009-0255 | Network | Low | None Requ... | |
| 4.3 | 2008-06-16 | CVE-2008-2718 | Network | Medium | None Requ... | |
| 6.5 | 2008-06-16 | CVE-2008-2717 | Network | Low | Requires ... | |
| 6.5 | 2007-12-14 | CVE-2007-6381 | Network | Low | Requires ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 29% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 17% (3) | CWE-287 | Improper Authentication |
| 17% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 5% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 5% (1) | CWE-310 | Cryptographic Issues |
| % | id | Name |
|---|---|---|
| 5% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 5% (1) | CWE-200 | Information Exposure |
| 5% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 5% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-59 | Session Credential Falsification through Prediction |
| CAPEC-112 | Brute Force |
| CAPEC-281 | Analytic Attacks |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:18535 | DSA-1439-1 typo3-src |
| oval:org.mitre.oval:def:7834 | DSA-1596 typo3 -- several vulnerabilities |
| oval:org.mitre.oval:def:18363 | DSA-1596-1 typo3-src - several vulnerabilities |
| oval:org.mitre.oval:def:8128 | DSA-1711 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13135 | DSA-1711-1 typo3-src -- several |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS |
| 59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass |
| 59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS |
| 59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection |
| 59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution |
| id | Description |
|---|---|
| 59485 | Typo3 Core Backend Unspecified Frame Hijacking |
| 59484 | Typo3 Core Backend Multiple Unspecified XSS |
| 59483 | Typo3 Core Backend tt_content Form Element Encryption Key Recalculation |
| 53544 | Typo3 Workspace Module Unspecified XSS |
| 53543 | Typo3 ADOdb System Extension test.php ADODB_vers Parameter XSS |
| 53542 | Typo3 Indexed Search Engine (indexed_search) Indexed File XSS |
| 53541 | Typo3 Authentication Library Session ID Re-use Session Fixation |
| 52050 | TYPO3 Backend Unspecified XSS |
| 51536 | TYPO3 System Extension Install Tool Encryption Key Random Seed Weakness |
| 51535 | Indexed Search Engine System Extension for TYPO3 Unspecified Arbitrary Comman... |
| 46286 | TYPO3 fe_adminlib.inc Unspecified XSS |
| 46285 | TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution |
| 45094 | cm_rdfexport Extension for TYPO3 Multiple Unspecified SQL Injection |
| 39506 | TYPO3 indexed_search System Extension SQL Injection |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-11-11 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo32.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1926-1 (typo3-src) File : nvt/deb_1926_1.nasl |
| 2009-02-13 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo30.nasl |
| 2009-02-13 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo31.nasl |
| 2009-02-13 | Name : Debian Security Advisory DSA 1720-1 (typo3-src) File : nvt/deb_1720_1.nasl |
| id | Description |
|---|---|
| 2009-02-02 | Name : Debian Security Advisory DSA 1711-1 (typo3-src) File : nvt/deb_1711_1.nasl |
| 2008-06-28 | Name : Debian Security Advisory DSA 1596-1 (typo3) File : nvt/deb_1596_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1439-1 (typo3-src) File : nvt/deb_1439_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1926.nasl - Type : ACT_GATHER_INFO |
| 2009-11-06 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2009-02-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1720.nasl - Type : ACT_GATHER_INFO |
| 2009-02-12 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_cc47fafef82311dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-02-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2009-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1711.nasl - Type : ACT_GATHER_INFO |
| 2008-06-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1596.nasl - Type : ACT_GATHER_INFO |
| 2007-12-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1439.nasl - Type : ACT_GATHER_INFO |
