Search Results | AttackerKB

Show filters

Topics 297 Users 9,716

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

297 Total Results

Displaying 171-180 of 297

Attacker Value

Unknown

CVE-2010-5104

Disclosure Date: May 21, 2012 (last updated October 04, 2023)

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.

0

Attacker Value

Unknown

CVE-2010-5103

Disclosure Date: May 21, 2012 (last updated October 04, 2023)

SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

0

Attacker Value

Unknown

CVE-2011-4614

Disclosure Date: February 18, 2012 (last updated October 04, 2023)

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

0

Attacker Value

Unknown

CVE-2012-1073

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2012-1082

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2012-1072

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

0

Attacker Value

Unknown

CVE-2012-1080

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2012-1086

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

0

Attacker Value

Unknown

CVE-2012-1085

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.

0

Attacker Value

Unknown

CVE-2012-1083

Disclosure Date: February 14, 2012 (last updated October 04, 2023)

Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

0