Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51848 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51843 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." Date published : 2012-02-14 http://www.securityfocus.com/bid/51844...
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2012-02-14 http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/ http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51838 http://typo3.org/extensions/repository/view/rtg_files/1.5.2/
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51838 http://typo3.org/extensions/repository/view/rtg_files/1.5.2/
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51837 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51834 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2012-02-14 http://www.securityfocus.com/bid/51834 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. Date...
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...
Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Date published : 2012-02-14 http://www.securityfocus.com/bid/51803 http://dl.packetstormsecurity.net/1202-exploits/iknsupport-xss.txt
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to...
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information...