
Test ID: 1.3.6.1.4.1.25623.1.0.804220
Category: Web application abuses
Title: TYPO3 Multiple Vulnerabilities (Dec 2010)
Summary: TYPO3 is prone to multiple vulnerabilities.
Description:
Summary:
TYPO3 is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple errors exist in the application:

- An error exists in the fileDenyPattern functionality, which does not properly
filter file types.

- An error exists in the enlarge functionality, FORM content object, list module and
class.em_unzip.php script, which fail to properly validate certain user-provided
input.

- An error exists in the escapeStrForLike method, which does not properly escape
input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information or execute SQL commands.

Affected Software/OS:
TYPO3 version 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5

Solution:
Upgrade to TYPO3 version 4.2.16, 4.3.9, 4.4.5 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-5097
BugTraq ID: 45470
http://www.securityfocus.com/bid/45470
http://www.openwall.com/lists/oss-security/2011/01/13/2
http://www.openwall.com/lists/oss-security/2012/05/11/3
http://www.openwall.com/lists/oss-security/2012/05/10/7
http://www.openwall.com/lists/oss-security/2012/05/12/5
http://www.osvdb.org/70123
http://secunia.com/advisories/35770
XForce ISS Database: typo3-clickenlarge-xss(64178)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64178
Common Vulnerability Exposure (CVE) ID: CVE-2010-5098
http://www.osvdb.org/70122
XForce ISS Database: typo3-form-xss(64179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64179
Common Vulnerability Exposure (CVE) ID: CVE-2010-5099
http://www.exploit-db.com/exploits/15856
http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
XForce ISS Database: typo3-unspecified-file-include(64180)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
Common Vulnerability Exposure (CVE) ID: CVE-2010-5100
http://www.osvdb.org/70120
XForce ISS Database: typo3-install-tool-xss(64181)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64181
Common Vulnerability Exposure (CVE) ID: CVE-2010-5101
http://www.osvdb.org/70119
Common Vulnerability Exposure (CVE) ID: CVE-2010-5102
http://bugs.typo3.org/view.php?id=16362
http://securesystems.ca/advisory.php?id=2010-001
Common Vulnerability Exposure (CVE) ID: CVE-2010-5103
http://www.osvdb.org/70117
XForce ISS Database: typo3-listmodule-sql-injection(64184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64184
Common Vulnerability Exposure (CVE) ID: CVE-2010-5104
http://www.osvdb.org/70116
XForce ISS Database: typo3-escapestrforlike-info-disc(64185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64185
Copyright: Copyright (C) 2014 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.