This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


CPE Name : cpe:/a:typo3:typo3:4.2.9
CPE Product : cpe:/a:typo3:typo3
Vendor : typo3
Product : typo3
First view : 2009-11-02
Last view : 2015-09-16

Related : CVE

| Score | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 3.5 | 2015-09-16 | CVE-2015-5956 | Network | Medium | Requires ... |
| 4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... |
| 6.8 | 2012-05-30 | CVE-2010-5099 | Network | Medium | None Requ... |
| 4.3 | 2012-05-21 | CVE-2010-5104 | Network | Medium | None Requ... |
| 6 | 2012-05-21 | CVE-2010-5103 | Network | Medium | Requires ... |
| 5 | 2012-05-21 | CVE-2010-5102 | Network | Low | None Requ... |
| 4 | 2012-05-21 | CVE-2010-5101 | Network | Low | Requires ... |
| 3.5 | 2012-05-21 | CVE-2010-5100 | Network | Medium | Requires ... |
| 3.5 | 2012-05-21 | CVE-2010-5098 | Network | Medium | Requires ... |
| 4.9 | 2010-10-25 | CVE-2010-4068 | Network | Medium | Requires ... |
| 5 | 2010-10-25 | CVE-2010-3717 | Network | Low | None Requ... |
| 6 | 2010-10-25 | CVE-2010-3716 | Network | Medium | Requires ... |
| 4.3 | 2010-10-25 | CVE-2010-3715 | Network | Medium | None Requ... |
| 7.1 | 2010-10-25 | CVE-2010-3714 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3636 | Network | Medium | None Requ... |
| 6.8 | 2009-11-02 | CVE-2009-3635 | Network | Medium | None Requ... |
| 4.3 | 2009-11-02 | CVE-2009-3633 | Network | Medium | None Requ... |
| 6.5 | 2009-11-02 | CVE-2009-3632 | Network | Low | Requires ... |
| 8.5 | 2009-11-02 | CVE-2009-3631 | Network | Medium | Requires ... |
| 5.5 | 2009-11-02 | CVE-2009-3630 | Network | Low | Requires ... |
| 3.5 | 2009-11-02 | CVE-2009-3629 | Network | Medium | Requires ... |
| 4 | 2009-11-02 | CVE-2009-3628 | Network | Low | Requires ... |

CWE : Common Weakness Enumeration

| % (count) | CWE | Name |
|---|---|---|
| 28% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 14% (3) | CWE-20 | Improper Input Validation |
| 9% (2) | CWE-287 | Improper Authentication |
| 9% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 9% (2) | CWE-200 | Information Exposure |
| 9% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 9% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 4% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 4% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |

Oval Markup Language : Definitions

| Definition ID | Title |
|---|---|
| oval:org.mitre.oval:def:7703 | DSA-1926 typo3-src -- several vulnerabilities |
| oval:org.mitre.oval:def:13360 | DSA-1926-1 typo3-src -- several |

Open Source Vulnerability Database (OSVDB)

| ID | Title |
|---|---|
| 69219 | TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo... |
| 69218 | TYPO3 Extension Manager Unspecified Arbitrary File Access |
| 68593 | TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary... |
| 68592 | TYPO3 Taskcenter sys_action Task Arbitrary User Creation |
| 68591 | TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS |
| 68590 | TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A... |
| 59491 | Typo3 Core Install Tool Unspecified URL Parameter XSS |
| 59490 | Typo3 Core Install Tool MD5 Hash Authentication Bypass |
| 59488 | Typo3 Core t3lib_div::quoteJSvalue API Function XSS |
| 59487 | Typo3 Core Frontend Editing Unspecified URL Parameter SQL Injection |
| 59486 | Typo3 Core Backend Crafted File Upload Arbitrary Command Execution |
| 59485 | Typo3 Core Backend Unspecified Frame Hijacking |
| 59484 | Typo3 Core Backend Multiple Unspecified XSS |
| 59483 | Typo3 Core Backend tt_content Form Element Encryption Key Recalculation |

ExploitDB Exploits

| ID | Title |
|---|---|
| 15856 | TYPO3 Unauthenticated Arbitrary File Retrieval |

OpenVAS Exploits

2010-11-17 Name : Debian Security Advisory DSA 2121-1 (typo3-src)
File : nvt/deb_2121_1.nasl
2009-11-11 Name : FreeBSD Ports: typo3
File : nvt/freebsd_typo32.nasl
2009-11-11 Name : Debian Security Advisory DSA 1926-1 (typo3-src)
File : nvt/deb_1926_1.nasl

Snort® IPS/IDS

2016-03-14 Typo3 CMS index cross site scripting attempt
RuleID : 36366 - Type : SERVER-WEBAPP - Revision : 1
2016-03-14 Typo3 CMS show_rechis cross site scripting attempt
RuleID : 36365 - Type : SERVER-WEBAPP - Revision : 1
2016-03-14 Typo3 CMS index cross site scripting attempt
RuleID : 36364 - Type : SERVER-WEBAPP - Revision : 1
2016-03-14 Typo3 CMS show_rechis cross site scripting attempt
RuleID : 36363 - Type : SERVER-WEBAPP - Revision : 1

Nessus® Vulnerability Scanner

2010-10-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2121.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1926.nasl - Type : ACT_GATHER_INFO
2009-11-06 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_6693bad2ca5011de8ee800215c6a37bb.nasl - Type : ACT_GATHER_INFO