| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of TYPO3 Extensions ~ not comprehensive
phpMyAdmin: Cross Site Request Forgery via Login Form
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery via Login Form of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-249, CVE-2019-12616, DLA-1821-1, FEDORA-2019-13d2ba0aed, FEDORA-2019-33649e2e64, openSUSE-SU-2019:1689-1, openSUSE-SU-2019:1861-1, PMASA-2019-4, TYPO3-EXT-SA-2019-014, VIGILANCE-VUL-29465.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can trigger a Cross Site Request Forgery via Login Form of phpMyAdmin, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 Extensions: nine vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of TYPO3 Extensions.
Severity: 2/4.
Creation date: 07/05/2019.
Identifiers: TYPO3-EXT-SA-2019-005, TYPO3-EXT-SA-2019-006, TYPO3-EXT-SA-2019-007, TYPO3-EXT-SA-2019-008, TYPO3-EXT-SA-2019-009, TYPO3-EXT-SA-2019-010, TYPO3-EXT-SA-2019-011, TYPO3-EXT-SA-2019-012, TYPO3-EXT-SA-2019-013, VIGILANCE-VUL-29240.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can use several vulnerabilities of TYPO3 Extensions.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 Extensions: four vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of TYPO3 Extensions.
Severity: 3/4.
Creation date: 22/01/2019.
Identifiers: TYPO3-EXT-SA-2019-001, TYPO3-EXT-SA-2019-002, TYPO3-EXT-SA-2019-003, TYPO3-EXT-SA-2019-004, VIGILANCE-VUL-28324.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can use several vulnerabilities of TYPO3 Extensions.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 libconnect: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of TYPO3 libconnect, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 20/11/2018.
Identifiers: TYPO3-EXT-SA-2018-010, VIGILANCE-VUL-27838.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can trigger a Cross Site Scripting of TYPO3 libconnect, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 TemplaVoilà Plus: information disclosure
Synthesis of the vulnerability
An attacker can bypass access restrictions to data of TYPO3 TemplaVoilà! Plus, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-009, VIGILANCE-VUL-26947.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data of TYPO3 TemplaVoilà! Plus, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 Frontend Treeview: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of TYPO3 Frontend Treeview, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-008, VIGILANCE-VUL-26946.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Frontend Treeview extension can be installed on TYPO3.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of TYPO3 Frontend Treeview, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 Amazon Web Services SDK: information disclosure via HTTP_PROXY
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via HTTP_PROXY of TYPO3 Amazon Web Services SDK, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/08/2018.
Identifiers: CVE-2016-5385, TYPO3-EXT-SA-2018-007, VIGILANCE-VUL-26945.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via HTTP_PROXY of TYPO3 Amazon Web Services SDK, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 Front End User Registration: privilege escalation via Captcha Bypass
Synthesis of the vulnerability
An attacker can bypass restrictions via Captcha Bypass of TYPO3 Front End User Registration, in order to escalate his privileges.
Severity: 2/4.
Creation date: 09/08/2018.
Identifiers: TYPO3-EXT-SA-2018-006, VIGILANCE-VUL-26944.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass restrictions via Captcha Bypass of TYPO3 Front End User Registration, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
TYPO3 AWS SDK for PHP: information disclosure via HTTP_PROXY
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via HTTP_PROXY of TYPO3 AWS SDK for PHP, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/08/2018.
Identifiers: CVE-2016-5385, TYPO3-EXT-SA-2018-005, VIGILANCE-VUL-26943.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via HTTP_PROXY of TYPO3 AWS SDK for PHP, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about TYPO3 Extensions ~ not comprehensive:
|