ID de Prueba:	1.3.6.1.4.1.25623.1.0.803990
Categoría:	Web application abuses
Título:	TYPO3 Multiple Vulnerabilities (Oct 2009)
Resumen:	TYPO3 is prone to multiple vulnerabilities.
Descripción:	Summary: TYPO3 is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist in the application: - Multiple errors in Backend subcomponent, which fails to validate user supplied input properly. - An error exists in Frontend Editing, which fails to sanitize URL parameters properly. - An error exists in API function t3lib_div::quoteJSvalue, which fails to validate user supplied input properly. - Multiple errors exist in Install Tool, which allows login with know md5 hash of Install Tool password. Vulnerability Impact: Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials or execute arbitrary code. Affected Software/OS: TYPO3 versions 4.0.13 and below, 4.1.0 to 4.1.12, 4.2.0 to 4.2.9 and 4.3.0beta1 Solution: Upgrade to TYPO3 version 4.1.13, 4.2.10, 4.3beta2 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3628 BugTraq ID: 36801 http://www.securityfocus.com/bid/36801 http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://www.vupen.com/english/advisories/2009/3009 XForce ISS Database: typo3-ttcontent-info-disclosure(53917) https://exchange.xforce.ibmcloud.com/vulnerabilities/53917 Common Vulnerability Exposure (CVE) ID: CVE-2009-3629 http://marc.info/?l=oss-security&m=125633199111438&w=2 XForce ISS Database: typo3-backend-xss(53918) https://exchange.xforce.ibmcloud.com/vulnerabilities/53918 Common Vulnerability Exposure (CVE) ID: CVE-2009-3630 XForce ISS Database: typo3-url-hijacking(53920) https://exchange.xforce.ibmcloud.com/vulnerabilities/53920 Common Vulnerability Exposure (CVE) ID: CVE-2009-3631 XForce ISS Database: typo3-uploads-command-execution(53923) https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 Common Vulnerability Exposure (CVE) ID: CVE-2009-3632 XForce ISS Database: typo3-editing-sql-injection(53924) https://exchange.xforce.ibmcloud.com/vulnerabilities/53924 Common Vulnerability Exposure (CVE) ID: CVE-2009-3633 XForce ISS Database: typo3-t3libdivquotejsvalue-xss(53925) https://exchange.xforce.ibmcloud.com/vulnerabilities/53925 Common Vulnerability Exposure (CVE) ID: CVE-2009-3635 XForce ISS Database: typo3-installtool-auth-bypass(53928) https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 Common Vulnerability Exposure (CVE) ID: CVE-2009-3636 XForce ISS Database: typo3-installtool-xss(53929) https://exchange.xforce.ibmcloud.com/vulnerabilities/53929
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.