Filtered by vendor Typo3 Subscriptions

Search

Switch to Advanced Search (Beta)
Total 488 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-3818 2 Stanislas Rolland, Typo3 2 Sr Freecap, Typo3 2025-04-09 N/A
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
CVE-2009-3819 2 Typo3, Urs Maag 2 Typo3, Maag Randomimage 2025-04-09 N/A
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
CVE-2009-3820 2 Flagbit, Typo3 2 Fb Filebase, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3821 2 Apache, Typo3 2 Solr, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2717 2 Apache, Typo3 2 Apache Webserver, Typo3 2025-04-09 N/A
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
CVE-2009-4158 2 Mario Matzulla, Typo3 2 Cal, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4159 2 Ivan Kartolo, Typo3 2 Direct Mail, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4160 2 Kurt Kunig, Typo3 2 Kk Downloader, Typo3 2025-04-09 N/A
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.
CVE-2009-4161 2 An Searchit, Typo3 2 An Searchit, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4162 2 Mauro Lorenzutti, Typo3 2 Wfqbe, Typo3 2025-04-09 N/A
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors.
CVE-2009-4165 2 Simple Glossar, Typo3 2 Simple Glossar, Typo3 2025-04-09 N/A
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4167 2 Lukas Taferner, Typo3 2 It Basetag, Typo3 2025-04-09 N/A
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors.
CVE-2009-4338 2 Jean-david Gadina, Typo3 2 Slideshow, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4339 2 Stephan Vits, Typo3 2 Mf Subscription, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4340 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4341 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2025-04-09 N/A
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4342 2 Melvin Mach, Typo3 2 Jobexchange, Typo3 2025-04-09 N/A
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4343 2 Dominic Eckart, Typo3 2 Trainincdb, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4344 2 Tobias Sommer, Typo3 2 Zid Linklist, Typo3 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.