This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:typo3:typo3:4.2.6

Detail

Vendor: typo3
Product: typo3
Version: 4.2.6
Edition:
Language:
Update:
Type: Application
First view: 2009-04-03
Last view: 2014-06-03

CPE Product: cpe:/a:typo3:typo3

Activity : Overall

Related : CVE

|  | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... |
| 6.8 | 2012-05-30 | CVE-2010-5099 | Network | Medium | None Requ... |
| 4.3 | 2012-05-21 | CVE-2010-5104 | Network | Medium | None Requ... |
| 6 | 2012-05-21 | CVE-2010-5103 | Network | Medium | Requires ... |
| 5 | 2012-05-21 | CVE-2010-5102 | Network | Low | None Requ... |
| 4 | 2012-05-21 | CVE-2010-5101 | Network | Low | Requires ... |
| 3.5 | 2012-05-21 | CVE-2010-5100 | Network | Medium | Requires ... |
| 3.5 | 2012-05-21 | CVE-2010-5098 | Network | Medium | Requires ... |
| 4.9 | 2010-10-25 | CVE-2010-4068 | Network | Medium | Requires ... |
| 5 | 2010-10-25 | CVE-2010-3717 | Network | Low | None Requ... |
| 6 | 2010-10-25 | CVE-2010-3716 | Network | Medium | Requires ... |
| 4.3 | 2010-10-25 | CVE-2010-3715 | Network | Medium | None Requ... |
| 7.1 | 2010-10-25 | CVE-2010-3714 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3636 | Network | Medium | None Requ... |
| 6.8 | 2009-11-02 | CVE-2009-3635 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3634 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3633 | Network | Medium | None Requ... |
| 6.5 | 2009-11-02 | CVE-2009-3632 | Network | Low | Requires ... |
| 8.5 | 2009-11-02 | CVE-2009-3631 | Network | Medium | Requires ... |
| 5.5 | 2009-11-02 | CVE-2009-3630 | Network | Low | Requires ... |
| 3.5 | 2009-11-02 | CVE-2009-3629 | Network | Medium | Requires ... |
| 4 | 2009-11-02 | CVE-2009-3628 | Network | Low | Requires ... |
| 7.5 | 2009-04-03 | CVE-2008-6594 | Network | Low | None Requ... |

CWE : Common Weakness Enumeration

| % | id | Name |
|---|---|---|
| 27% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 13% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 13% (3) | CWE-20 | Improper Input Validation |
| 9% (2) | CWE-287 | Improper Authentication |
| 9% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 9% (2) | CWE-200 | Information Exposure |
| 9% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 4% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 4% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |

Oval Markup Language : Definitions

| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several |

Open Source Vulnerability Database (OSVDB)

| id | Description |
|---|---|
| 69219 | TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo... |
| 69218 | TYPO3 Extension Manager Unspecified Arbitrary File Access |
| 68593 | TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary... |
| 68592 | TYPO3 Taskcenter sys_action Task Arbitrary User Creation |
| 68591 | TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS |
| 68590 | TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A... |
| 59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS |
| 59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass |
| 59489 | Typo3 Core Frontend Login Box (felogin) Unspecified XSS |
| 59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS |
| 59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection |
| 59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution |
| 59485 | Typo3 Core Backend Unspecified Frame Hijacking |
| 59484 | Typo3 Core Backend Multiple Unspecified XSS |
| 59483 | Typo3 Core Backend tt_content Form Element Encryption Key Recalculation |
| 45094 | cm_rdfexport Extension for TYPO3 Multiple Unspecified SQL Injection |

ExploitDB Exploits

| id | Description |
|---|---|
| 15856 | TYPO3 Unauthenticated Arbitrary File Retrieval |

OpenVAS Exploits

| id | Description |
|---|---|
| 2010-11-17 | Name : Debian Security Advisory DSA 2121-1 (typo3-src); File : nvt/deb_2121_1.nasl |
| 2009-11-11 | Name : FreeBSD Ports: typo3; File : nvt/freebsd_typo32.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1926-1 (typo3-src); File : nvt/deb_1926_1.nasl |

Nessus® Vulnerability Scanner

| id | Description |
|---|---|
| 2010-10-20 | Name : The remote Debian host is missing a security-related update.; File : debian_DSA-2121.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update.; File : debian_DSA-1926.nasl - Type : ACT_GATHER_INFO |
| 2009-11-06 | Name : The remote FreeBSD host is missing a security-related update.; File : freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl - Type : ACT_GATHER_INFO |