Show filters
32 Total Results
Displaying 31-32 of 32
Sort by:
Attacker Value
Unknown

CVE-2008-2718

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2008-2717

Disclosure Date: June 16, 2008 (last updated October 04, 2023)
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
0
0
View More Topics  < Previous