[Git][security-tracker-team/security-tracker][master] Fix Typo3 to TYPO3
Henri Salo
gitlab at salsa.debian.org
Sat Oct 19 09:58:54 BST 2019
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6827f4b by Henri Salo at 2019-10-19T08:58:32Z
Fix Typo3 to TYPO3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4578,11 +4578,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbit
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
NOT-FOR-US: pfSense
CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2019-16697
RESERVED
CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...)
@@ -4614,7 +4614,7 @@ CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. Wh
CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
NOT-FOR-US: Xoops
CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...)
NOT-FOR-US: Mastodon
CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
@@ -17204,9 +17204,9 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.
NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
{DLA-1877-1}
- otrs2 6.0.20-1
@@ -19490,7 +19490,7 @@ CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zer
- linux 4.19.37-4
NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...)
{DSA-4445-1 DLA-1797-1}
- drupal7 <removed> (bug #928688)
@@ -140267,7 +140267,7 @@ CVE-2017-6372
CVE-2017-6371
RESERVED
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...)
{DSA-3824-1 DLA-879-1}
- firebird2.5 <unfixed> (bug #858641)
@@ -141456,9 +141456,9 @@ CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote
CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ex ...)
NOT-FOR-US: Emoncms
CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulner ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. Th ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability exi ...)
NOT-FOR-US: ionize
CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerabilit ...)
@@ -184171,17 +184171,17 @@ CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x,
CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...)
NOT-FOR-US: Values module for Drupal
CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote att ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in T ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified fro ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in T ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2015-8756 (Cross-site scripting (XSS) vulnerability in the search result view in ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified bac ...)
- NOT-FOR-US: Typo3
+ NOT-FOR-US: TYPO3
CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote att ...)
NOT-FOR-US: Mollom module for Drupal
CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization ...)
@@ -223064,29 +223064,29 @@ CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history imp
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-6299 (Cross-site request forgery (CSRF) vulnerability in the mm_forum extens ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6298 (Unrestricted file upload vulnerability in the mm_forum extension befor ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6297 (Cross-site scripting (XSS) vulnerability in the mm_forum extension bef ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6296 (Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) exte ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6295 (SQL injection vulnerability in the WEC Map (wec_map) extension before ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6294 (Cross-site scripting (XSS) vulnerability in the External links click s ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6293 (SQL injection vulnerability in the Statistics (ke_stats) extension bef ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6292 (The femanager extension before 1.0.9 for TYPO3 allows remote frontend ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6291 (Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (al ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6290 (The News (tt_news) extension before 3.5.2 for TYPO3 allows remote atta ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6289 (The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) exten ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6288 (The powermail extension 2.x before 2.0.11 for TYPO3 allows remote atta ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File Ser ...)
NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-6286
@@ -223264,27 +223264,27 @@ CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.
- procmail 3.22-22 (bug #760443)
NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...)
- NOT-FOR-US: Typo3 extension wt_directory
+ NOT-FOR-US: TYPO3 extension wt_directory
CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar ...)
- NOT-FOR-US: Typo3 extension weeaar_googlesitemap
+ NOT-FOR-US: TYPO3 extension weeaar_googlesitemap
CVE-2014-6239 (SQL injection vulnerability in the Address visualization with Google M ...)
- NOT-FOR-US: Typo3 extension st_address_map
+ NOT-FOR-US: TYPO3 extension st_address_map
CVE-2014-6238 (Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB ...)
- NOT-FOR-US: Typo3 extension Akronymmanager
+ NOT-FOR-US: TYPO3 extension Akronymmanager
CVE-2014-6237 (Cross-site scripting (XSS) vulnerability in the News Pack extension 0. ...)
- NOT-FOR-US: Typo3 extension News Pack
+ NOT-FOR-US: TYPO3 extension News Pack
CVE-2014-6236 (Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) ...)
- NOT-FOR-US: Typo3 extension lumophpinclude
+ NOT-FOR-US: TYPO3 extension lumophpinclude
CVE-2014-6235 (Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for ...)
- NOT-FOR-US: Typo3 extension DomPDF
+ NOT-FOR-US: TYPO3 extension DomPDF
CVE-2014-6234 (Cross-site scripting (XSS) vulnerability in the Open Graph protocol (j ...)
- NOT-FOR-US: Typo3 extension jh_opengraphprotocol
+ NOT-FOR-US: TYPO3 extension jh_opengraphprotocol
CVE-2014-6233 (SQL injection vulnerability in the Flat Manager (flatmgr) extension be ...)
- NOT-FOR-US: Typo3 extension flatmgr
+ NOT-FOR-US: TYPO3 extension flatmgr
CVE-2014-6232 (Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.1 ...)
- NOT-FOR-US: Typo3 extension eu_ldap
+ NOT-FOR-US: TYPO3 extension eu_ldap
CVE-2014-6231 (Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extens ...)
- NOT-FOR-US: Typo3 extension cwt_feedit
+ NOT-FOR-US: TYPO3 extension cwt_feedit
NOTE: This is different from the feedit extension in typo3-src.
CVE-2014-6227
RESERVED
@@ -238898,9 +238898,9 @@ CVE-2013-7085 (Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allo
[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
CVE-2013-7082 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...)
- NOT-FOR-US: Typo3 Flow
+ NOT-FOR-US: TYPO3 Flow
NOTE: https://review.typo3.org/#/c/26176/
- NOTE: CVE assigned for Typo3 Flow, correspond to CVE-2013-7078
+ NOTE: CVE assigned for TYPO3 Flow, correspond to CVE-2013-7078
CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31 ...)
{DSA-2834-1}
- typo3-src 4.5.32+dfsg1-1 (bug #731999)
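Review bot: the rewritten NOTE line for CVE-2013-7082 still reads "correspond to CVE-2013-7078". Since the line is being edited anyway, "corresponds to CVE-2013-7078" would fix the grammar in the same pass.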
@@ -244680,7 +244680,7 @@ CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in install/forum_data/sr
CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management (re ...)
NOT-FOR-US: TYPO3 extension
CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_sea ...)
- NOT-FOR-US: Faceted Search Typo3 extension
+ NOT-FOR-US: Faceted Search TYPO3 extension
CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP (browse ...)
NOT-FOR-US: TYPO3 Extension
CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator (locator ...)
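Review bot: the unchanged context line for CVE-2013-5306 reads "NOT-FOR-US: TYPO3 Extension" with a capital E, while the lines added in this hunk use "TYPO3 extension". Lowercasing it here would keep the NOT-FOR-US notes uniform for anyone grepping the list.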
@@ -244690,7 +244690,7 @@ CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extens
CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) extension bef ...)
NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) extensio ...)
- NOT-FOR-US: Faceted Search Typo3 extension
+ NOT-FOR-US: Faceted Search TYPO3 extension
CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter 5 ...)
NOT-FOR-US: Trustport Webfilter
CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
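Review bot: the context line for CVE-2013-5303, "NOT-FOR-US: typo3 third party component (locator)", keeps the lowercase spelling and is not touched by this hunk. If the aim is a single spelling of the product name in NOT-FOR-US notes, a case-insensitive search for "typo3" would catch entries like this one; source package names such as typo3-src should stay as they are.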
@@ -246185,7 +246185,7 @@ CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the C
CVE-2012-6572 (Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess ...)
NOT-FOR-US: Inf08 theme for Drupal
CVE-2013-4634 (SQL injection vulnerability in the jQuery autocomplete for indexed_sea ...)
- NOT-FOR-US: rzautocomplete extension for Typo3
+ NOT-FOR-US: rzautocomplete extension for TYPO3
CVE-2013-4633 (Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 ...)
NOT-FOR-US: Huawei Seco Versatile Security Manager
CVE-2013-4632 (The Huawei Access Router (AR) before V200R002SPC003 allows remote atta ...)
@@ -260906,11 +260906,11 @@ CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under
CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pa ...)
NOT-FOR-US: Dalbum
CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...)
- NOT-FOR-US: Typo3 extension (sr_feuser_register)
+ NOT-FOR-US: TYPO3 extension (sr_feuser_register)
CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...)
- NOT-FOR-US: Typo3 extension (powermail)
+ NOT-FOR-US: TYPO3 extension (powermail)
CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_ba ...)
- NOT-FOR-US: Typo3 extension (seo_basics)
+ NOT-FOR-US: TYPO3 extension (seo_basics)
CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
- tomcat6 6.0.35-5+nmu1 (bug #692439)
[squeeze] - tomcat6 6.0.35-1+squeeze3
@@ -279288,9 +279288,9 @@ CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows
CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
NOT-FOR-US: Hulihan BXR
CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension bef ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension b ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yell ...)
NOT-FOR-US: Branchenbuch
CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre P ...)
@@ -279298,21 +279298,21 @@ CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects
CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...)
NOT-FOR-US: Prado Portal
CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ex ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_ques ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers A ...)
NOT-FOR-US: APBoard Developers APBoard
CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
NOT-FOR-US: xt:Commerce Gambio
CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1 ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) extensio ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xaj ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before 0.3. ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
NOT-FOR-US: Joomla extension
CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
@@ -296395,21 +296395,21 @@ CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the lo
CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...)
NOT-FOR-US: AJAX Chat
CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for T ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement (SBbanne ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr) ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 fo ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipse ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) exten ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers ...)
NOT-FOR-US: KSP
CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension bef ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...)
NOT-FOR-US: Fat Player
CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration informa ...)
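Review bot: the notes for CVE-2009-4963 through CVE-2009-4970 say "TYPO3 addon", although the visible descriptions call these components extensions (for example "the Car (car) extension" and "the Commerce extension"). Consider "TYPO3 extension" here so the wording matches the other entries changed in this commit.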
@@ -298397,7 +298397,7 @@ CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum all
CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...)
NOT-FOR-US: Open Education System
CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...)
- NOT-FOR-US: Typo3 extenson Calendar Base
+ NOT-FOR-US: TYPO3 extenson Calendar Base
CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
NOT-FOR-US: Aris Global ARISg
CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in Zo ...)
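Review bot: the replacement line for CVE-2010-2131 still carries the misspelling "extenson" ("NOT-FOR-US: TYPO3 extenson Calendar Base"). Since this line is being rewritten anyway, correct it to "TYPO3 extension Calendar Base" so that a search for "TYPO3 extension" also finds this entry.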
@@ -316753,21 +316753,21 @@ CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php
CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic PH ...)
NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...)
- NOT-FOR-US: Diocese of Portsmouth Church Search extension for Typo3
+ NOT-FOR-US: Diocese of Portsmouth Church Search extension for TYPO3
CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...)
NOT-FOR-US: My quiz and poll
CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...)
- NOT-FOR-US: Typo3 addon Random Prayer
+ NOT-FOR-US: TYPO3 addon Random Prayer
CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects (mw_random_ob ...)
- NOT-FOR-US: Typo3 addon Simple Random Objects
+ NOT-FOR-US: TYPO3 addon Simple Random Objects
CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration (autobeus ...)
- NOT-FOR-US: Typo3 addon auto BE User Registration
+ NOT-FOR-US: TYPO3 addon auto BE User Registration
CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ext ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...)
- NOT-FOR-US: Typo3 addon
+ NOT-FOR-US: TYPO3 addon
CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote a ...)
NOT-FOR-US: Edikon phpShop
CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows rem ...)
@@ -319222,7 +319222,7 @@ CVE-2008-5997 (Absolute path traversal vulnerability in admin/fileKontrola/brows
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...)
NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_fr ...)
- NOT-FOR-US: freeCap CAPTCHA extension for Typo3
+ NOT-FOR-US: freeCap CAPTCHA extension for TYPO3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point C ...)
NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
@@ -320674,7 +320674,7 @@ CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allow
- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for th ...)
- typo3-src 4.2.3-1 (bug #505325)
- [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
+ [etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...)
@@ -320701,7 +320701,7 @@ CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Netw
NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
- typo3-src 4.2.3-1 (bug #505324)
- [etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
+ [etch] - typo3-src <not-affected> (Only TYPO3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for Joo ...)
NOT-FOR-US: Joomla!
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made Simpl ...)
@@ -322263,7 +322263,7 @@ CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might a
CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote at ...)
NOT-FOR-US: MyFWB
CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...)
- NOT-FOR-US: Typo3 third party extension "file_list"
+ NOT-FOR-US: TYPO3 third party extension "file_list"
CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User Applicatio ...)
NOT-FOR-US: Novell User Application
CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory bef ...)
@@ -322392,7 +322392,7 @@ CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Galler
NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
- typo3-src 4.2.3-1 (bug #505326)
- [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
+ [etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected)
CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier ...)
- websvn 2.0-4 (bug #503330)
[etch] - websvn <not-affected> (vulnerable code not present)
@@ -323255,19 +323255,19 @@ CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_ ...)
- NOT-FOR-US: sm_pageimprovements for Typo3
+ NOT-FOR-US: sm_pageimprovements for TYPO3
CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extensi ...)
- NOT-FOR-US: m1_intern for Typo3
+ NOT-FOR-US: m1_intern for TYPO3
CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist ...)
- NOT-FOR-US: kiddog_playerlist for Typo3
+ NOT-FOR-US: kiddog_playerlist for TYPO3
CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 a ...)
- NOT-FOR-US: dmmjobcontrol for Typo3
+ NOT-FOR-US: dmmjobcontrol for TYPO3
CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ea ...)
- NOT-FOR-US: econda for Typo3
+ NOT-FOR-US: econda for TYPO3
CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) 0 ...)
- NOT-FOR-US: fersview for Typo3
+ NOT-FOR-US: fersview for TYPO3
CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...)
- NOT-FOR-US: simplesurvey for Typo3
+ NOT-FOR-US: simplesurvey for TYPO3
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
NOT-FOR-US: Makale module for XOOPS
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communica ...)
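Review bot: in the CVE-2008-4656 entry the note reads "fersview for TYPO3", while the description on the line above names the extension "Frontend Users View (feusersview)". The key looks misspelled; suggest "feusersview for TYPO3" as part of this cleanup.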
@@ -381925,7 +381925,7 @@ CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.
CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive i ...)
- phpbb2 <unfixed> (unimportant)
CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
- NOT-FOR-US: Typo3 extension
+ NOT-FOR-US: TYPO3 extension
CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4. ...)
NOT-FOR-US: Computalynx CProxy
CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 all ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6827f4bbc97011bda86cc242218fc2fa4c0d010