The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TYPO3 Extensions ~ not comprehensive

vulnerability 29240

TYPO3 Extensions: nine vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in TYPO3 Extensions.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, client access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 07/05/2019.
Identifiers: TYPO3-EXT-SA-2019-005, TYPO3-EXT-SA-2019-006, TYPO3-EXT-SA-2019-007, TYPO3-EXT-SA-2019-008, TYPO3-EXT-SA-2019-009, TYPO3-EXT-SA-2019-010, TYPO3-EXT-SA-2019-011, TYPO3-EXT-SA-2019-012, TYPO3-EXT-SA-2019-013, VIGILANCE-VUL-29240.

Description of the vulnerability

An attacker can exploit several vulnerabilities in TYPO3 Extensions.

computer vulnerability bulletin 27838

TYPO3 libconnect: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in TYPO3 libconnect, in order to run JavaScript code in the context of the web site.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/11/2018.
Identifiers: TYPO3-EXT-SA-2018-010, VIGILANCE-VUL-27838.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting in TYPO3 libconnect, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 26947

TYPO3 TemplaVoilà Plus: information disclosure

Synthesis of the vulnerability

An attacker can bypass data access restrictions in TYPO3 TemplaVoilà! Plus, in order to obtain sensitive information.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-009, VIGILANCE-VUL-26947.

Description of the vulnerability

An attacker can bypass data access restrictions in TYPO3 TemplaVoilà! Plus, in order to obtain sensitive information.

computer vulnerability alert 26946

TYPO3 Frontend Treeview: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in TYPO3 Frontend Treeview, in order to run JavaScript code in the context of the web site.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-008, VIGILANCE-VUL-26946.

Description of the vulnerability

The Frontend Treeview extension can be installed on TYPO3.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in TYPO3 Frontend Treeview, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2016-5385

TYPO3 Amazon Web Services SDK: information disclosure via HTTP_PROXY

Synthesis of the vulnerability

An attacker can bypass data access restrictions in TYPO3 Amazon Web Services SDK via HTTP_PROXY, in order to obtain sensitive information.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 09/08/2018.
Identifiers: CVE-2016-5385, TYPO3-EXT-SA-2018-007, VIGILANCE-VUL-26945.

Description of the vulnerability

An attacker can bypass data access restrictions in TYPO3 Amazon Web Services SDK via HTTP_PROXY, in order to obtain sensitive information.

vulnerability note 26944

TYPO3 Front End User Registration: privilege escalation via Captcha Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via Captcha Bypass in TYPO3 Front End User Registration, in order to escalate their privileges.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-006, VIGILANCE-VUL-26944.

Description of the vulnerability

An attacker can bypass restrictions via Captcha Bypass in TYPO3 Front End User Registration, in order to escalate their privileges.

vulnerability bulletin CVE-2016-5385

TYPO3 AWS SDK for PHP: information disclosure via HTTP_PROXY

Synthesis of the vulnerability

An attacker can bypass data access restrictions in TYPO3 AWS SDK for PHP via HTTP_PROXY, in order to obtain sensitive information.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 09/08/2018.
Identifiers: CVE-2016-5385, TYPO3-EXT-SA-2018-005, VIGILANCE-VUL-26943.

Description of the vulnerability

An attacker can bypass data access restrictions in TYPO3 AWS SDK for PHP via HTTP_PROXY, in order to obtain sensitive information.

vulnerability alert 26941

TYPO3 Powermail: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in TYPO3 Powermail, in order to run JavaScript code in the context of the web site.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-004, VIGILANCE-VUL-26941.

Description of the vulnerability

The Powermail extension can be installed on TYPO3.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in TYPO3 Powermail, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2016-5385

TYPO3 Amazon AWS S3 FAL driver: information disclosure via HTTP_PROXY

Synthesis of the vulnerability

An attacker can bypass data access restrictions in TYPO3 Amazon AWS S3 FAL driver via HTTP_PROXY, in order to obtain sensitive information.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 09/08/2018.
Identifiers: CVE-2016-5385, TYPO3-EXT-SA-2018-003, VIGILANCE-VUL-26940.

Description of the vulnerability

An attacker can bypass data access restrictions in TYPO3 Amazon AWS S3 FAL driver via HTTP_PROXY, in order to obtain sensitive information.

computer vulnerability note 26939

TYPO3 Register to tt_address: denial of service via Delete Records

Synthesis of the vulnerability

An attacker can generate a fatal error via Delete Records in TYPO3 Register to tt_address, in order to trigger a denial of service.
Impacted products: TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data deletion.
Provenance: internet client.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-002, VIGILANCE-VUL-26939.

Description of the vulnerability

An attacker can generate a fatal error via Delete Records in TYPO3 Register to tt_address, in order to trigger a denial of service.