oval:org.mitre.oval:def:7834

Definition Id: oval:org.mitre.oval:def:7834
 
Oval ID: oval:org.mitre.oval:def:7834
Title: DSA-1596 typo3 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the TYPO3 content management framework. Because the default value of the TYPO3 configuration variable fileDenyPattern was not sufficiently secure, authenticated backend users could upload files that allowed arbitrary code to be executed as the webserver user. User input processed by fe_adminlib.inc is not properly filtered to prevent Cross-Site Scripting (XSS) attacks; this issue is exposed when specific plugins are in use.
Family: unix
Class: patch
Reference(s): DSA-1596
CVE-2008-2717
CVE-2008-2718
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): typo3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6461
 
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix
Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
Version: 9
Platform(s): Debian GNU/Linux 4.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:7834