Cyrill Helg

**Name of the Vulnerable Software and Affected Versions** TYPO3 ws ecard extension versions 1.0.2 and earlier **Description** A directory traversal issue exists in the Webesse E-Card (ws ecard) extension for TYPO3, allowing for remote attack vectors. The impact of this issue is not specified. **Recommendations** For versions 1.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Tour Extension (pm tour) versions prior to 0.0.13 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.0.13, update to version 0.0.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Webesse Image Gallery (ws gallery) extension versions 1.0.4 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Webesse E-Card (ws ecard) extension versions 1.0.2 and earlier **Description** The issue allows remote attackers to obtain sensitive information via unknown vectors. **Recommendations** For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 twittersearch extension versions prior to 0.1.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.1.1, update to version 0.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Mailform extension versions prior to 0.9.24 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.9.24, update to version 0.9.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Myth download (myth download) extension version 0.1.0 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Myth download (myth download) extension version 0.1.0, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension gb fenewssubmit version 0.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 0.1.0 and earlier, update to a version later than 0.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** datamints newsticker extension versions prior to 0.7.2 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.7.2, update to version 0.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension cwt resetbepassword versions 1.20 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 1.20 and earlier, update to a version later than 1.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CoolURI extension versions prior to 1.0.16 for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For CoolURI extension versions prior to 1.0.16, update to version 1.0.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension gb fenewssubmit version 0.1.0 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions 0.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.