This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:typo3:typo3:4.4.2
Detail
Vendor: typo3
Product: typo3
Version: 4.4.2
Type: Application
First view: 2010-10-25
Last view: 2014-06-03
Edition:
Language:
Update:

CPE Product: cpe:/a:typo3:typo3

Activity : Overall

Related : CVE

     Date        Alert          Access Vector  Access Complexity  Authentication
4    2014-06-03  CVE-2014-3945  Network        High               None Requ...
5    2012-09-04  CVE-2012-1608  Network        Low                None Requ...
5    2012-09-04  CVE-2012-1607  Network        Low                None Requ...
3.5  2012-09-04  CVE-2012-1606  Network        Medium             Requires ...
4.3  2012-08-27  CVE-2012-2112  Network        Medium             None Requ...
6.8  2012-05-30  CVE-2010-5099  Network        Medium             None Requ...
4.3  2012-05-21  CVE-2010-5104  Network        Medium             None Requ...
6    2012-05-21  CVE-2010-5103  Network        Medium             Requires ...
5    2012-05-21  CVE-2010-5102  Network        Low                None Requ...
4    2012-05-21  CVE-2010-5101  Network        Low                Requires ...
3.5  2012-05-21  CVE-2010-5100  Network        Medium             Requires ...
3.5  2012-05-21  CVE-2010-5098  Network        Medium             Requires ...
2.6  2012-05-21  CVE-2010-5097  Network        High               None Requ...
4.9  2010-10-25  CVE-2010-4068  Network        Medium             Requires ...
5    2010-10-25  CVE-2010-3717  Network        Low                None Requ...
4.3  2010-10-25  CVE-2010-3715  Network        Medium             None Requ...
7.1  2010-10-25  CVE-2010-3714  Network        Medium             None Requ...

CWE : Common Weakness Enumeration

%        id       Name
35% (6)  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
17% (3)  CWE-20   Improper Input Validation
11% (2)  CWE-264  Permissions, Privileges, and Access Controls
11% (2)  CWE-200  Information Exposure
11% (2)  CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (1)   CWE-287  Improper Authentication
5% (1)   CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('...

Oval Markup Language : Definitions

OvalID                         Name
oval:org.mitre.oval:def:20092  DSA-2445-1 typo3-src - several
oval:org.mitre.oval:def:19260  DSA-2455-1 typo3-src - cross site scripting

Open Source Vulnerability Database (OSVDB)

id     Description
69219  TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo...
69218  TYPO3 Extension Manager Unspecified Arbitrary File Access
68593  TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary...
68591  TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS
68590  TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A...

ExploitDB Exploits

id     Description
15856  TYPO3 Unauthenticated Arbitrary File Retrieval

OpenVAS Exploits

id          Description
2012-04-30  Name : FreeBSD Ports: typo3
            File : nvt/freebsd_typo34.nasl
2012-04-30  Name : Debian Security Advisory DSA 2445-1 (typo3-src)
            File : nvt/deb_2445_1.nasl
2012-04-30  Name : Debian Security Advisory DSA 2455-1 (typo3-src)
            File : nvt/deb_2455_1.nasl
2010-11-17  Name : Debian Security Advisory DSA 2121-1 (typo3-src)
            File : nvt/deb_2121_1.nasl

Nessus® Vulnerability Scanner

id          Description
2012-04-23  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2455.nasl - Type : ACT_GATHER_INFO
2012-04-19  Name : The remote FreeBSD host is missing one or more security-related updates.
            File : freebsd_pkg_6751617788ec11e19a100023ae8e59f0.nasl - Type : ACT_GATHER_INFO
2012-04-02  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2445.nasl - Type : ACT_GATHER_INFO
2010-10-20  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2121.nasl - Type : ACT_GATHER_INFO