
Debian: DSA-1926-1 Critical: TYPO3 Remote Exploits Overview

November 4, 2009
Debian Security Announcement DSA-1926-2 concerns TYPO3 vulnerabilities. Ensure your systems are updated to guard against remote attacks.
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework.

Summary

CVE-2009-3628

The Backend subcomponent allows remote authenticated users to
determine an encryption key via crafted input to a form field.

CVE-2009-3629

Multiple cross-site scripting (XSS) vulnerabilities in the
Backend subcomponent allow remote authenticated users to inject
arbitrary web script or HTML.

CVE-2009-3630

The Backend subcomponent allows remote authenticated users to
place arbitrary web sites in TYPO3 backend framesets via
crafted parameters.

CVE-2009-3631

The Backend subcomponent, when the DAM extension or ftp upload
is enabled, allows remote authenticated users to execute
arbitrary commands via shell metacharacters in a filename.

CVE-2009-3632

SQL injection vulnerability in the traditional frontend editing
feature in the Frontend Editing subcomponent allows remote
authenticated users to execute arbitrary SQL commands.

CVE-2009-3633

Cross-site scripting (XSS) vulnerability in allows remote
attackers to inject arbitrary web script.

...


Severity
critical
