Typo3 Typo3 4.4.2

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Name	cpe:/a:typo3:typo3:4.4.2

Detail
Vendor	typo3	First view	2010-10-25
Product	typo3	Last view	2014-06-03
Version	4.4.2	Type	Application
Edition
Language
Update

CPE Product	cpe:/a:typo3:typo3

Activity : Overall

Related : CVE

	Date	Alert	Access Vector	Access Complexity	Authentication
4	2014-06-03	CVE-2014-3945	Network	High	None Requ...
5	2012-09-04	CVE-2012-1608	Network	Low	None Requ...
5	2012-09-04	CVE-2012-1607	Network	Low	None Requ...
3.5	2012-09-04	CVE-2012-1606	Network	Medium	Requires ...
4.3	2012-08-27	CVE-2012-2112	Network	Medium	None Requ...
Hide \| Show 12 More...

	Date	Alert	Access Vector	Access Complexity	Authentication
6.8	2012-05-30	CVE-2010-5099	Network	Medium	None Requ...
4.3	2012-05-21	CVE-2010-5104	Network	Medium	None Requ...
6	2012-05-21	CVE-2010-5103	Network	Medium	Requires ...
5	2012-05-21	CVE-2010-5102	Network	Low	None Requ...
4	2012-05-21	CVE-2010-5101	Network	Low	Requires ...
3.5	2012-05-21	CVE-2010-5100	Network	Medium	Requires ...
3.5	2012-05-21	CVE-2010-5098	Network	Medium	Requires ...
2.6	2012-05-21	CVE-2010-5097	Network	High	None Requ...
4.9	2010-10-25	CVE-2010-4068	Network	Medium	Requires ...
5	2010-10-25	CVE-2010-3717	Network	Low	None Requ...
4.3	2010-10-25	CVE-2010-3715	Network	Medium	None Requ...
7.1	2010-10-25	CVE-2010-3714	Network	Medium	None Requ...

CWE : Common Weakness Enumeration

%	id	Name
35% (6)	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')
17% (3)	CWE-20	Improper Input Validation
11% (2)	CWE-264	Permissions, Privileges, and Access Controls
11% (2)	CWE-200	Information Exposure
11% (2)	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path ...
Hide \| Show 2 More...

%	id	Name
5% (1)	CWE-287	Improper Authentication
5% (1)	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('...

Oval Markup Language : Definitions

OvalID	Name
oval:org.mitre.oval:def:20092	DSA-2445-1 typo3-src - several
oval:org.mitre.oval:def:19260	DSA-2455-1 typo3-src - cross site scripting

Open Source Vulnerability Database (OSVDB)

id	Description
69219	TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo...
69218	TYPO3 Extension Manager Unspecified Arbitrary File Access
68593	TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary...
68591	TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS
68590	TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A...

ExploitDB Exploits

id	Description
15856	TYPO3 Unauthenticated Arbitrary File Retrieval

OpenVAS Exploits

id	Description
2012-04-30	Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo34.nasl
2012-04-30	Name : Debian Security Advisory DSA 2445-1 (typo3-src) File : nvt/deb_2445_1.nasl
2012-04-30	Name : Debian Security Advisory DSA 2455-1 (typo3-src) File : nvt/deb_2455_1.nasl
2010-11-17	Name : Debian Security Advisory DSA 2121-1 (typo3-src) File : nvt/deb_2121_1.nasl

Nessus® Vulnerability Scanner

id	Description
2012-04-23	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2455.nasl - Type : ACT_GATHER_INFO
2012-04-19	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6751617788ec11e19a100023ae8e59f0.nasl - Type : ACT_GATHER_INFO
2012-04-02	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2445.nasl - Type : ACT_GATHER_INFO
2010-10-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2121.nasl - Type : ACT_GATHER_INFO

Copyright Security-Database 2006-2014 - Powered by themself ;) in 0.4193s

Facebook rss twitter linkedin mail