Christian Weiske

**Name of the Vulnerable Software and Affected Versions** AIRTAME HDMI dongle versions prior to 2.2.0 **Description** The issue is related to insufficient access control in the AIRTAME HDMI dongle's firmware, allowing unauthenticated access to a significant part of the management interface. This can lead to the extraction of all information, including the Wi-Fi password, and enable actions such as rebooting the device or forcing a software update at any time. **Recommendations** For versions prior to 2.2.0, update the firmware to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Store Locator extension versions prior to 1.2.8 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension 'a21glossary advanced output' versions prior to 0.1.12 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.1.12, update to version 0.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension sg userdata versions prior to 0.91.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.91.0, update to version 0.91.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension sk calendar versions prior to 0.3.4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.3.4, update to version 0.3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Visitor Tracking (ws stats) extension versions prior to 0.1.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2 **Description** The issue allows remote attackers to gain access by using only the password's md5 hash as a credential. This is related to the Install Tool subcomponent. **Recommendations** For versions 4.0.13 and earlier, update to a version later than 4.0.13. For versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters. This could potentially lead to unauthorized actions on behalf of the user. **Recommendations** For versions 4.0.13 and earlier, update to a version later than 4.0.13. For versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2 **Description** The issue allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. **Recommendations** For versions 4.0.13 and earlier, update to a version later than 4.0.13. For versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename when the DAM extension or ftp upload is enabled. This is related to the Backend subcomponent. **Recommendations** For versions 4.0.13 and earlier, update to a version later than 4.0.13. For versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters in the traditional frontend editing feature in the Frontend Editing subcomponent. **Recommendations** For versions 4.0.13 and earlier, update to a version later than 4.0.13. For versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2 **Description** A cross-site scripting (XSS) issue exists in the `t3lib div::quoteJSvalue` API function, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. **Recommendations** For TYPO3 versions 4.0.13 and earlier, update to a version later than 4.0.13. For TYPO3 versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For TYPO3 versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For TYPO3 versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later. As a temporary workaround, consider restricting access to the `t3lib div::quoteJSvalue` API function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.2.0 through 4.2.6 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters in the Frontend Login Box subcomponent. **Recommendations** For versions 4.2.0 through 4.2.6, update to a version that contains a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.7.2-r1 **Description** The issue affects the libxml2 package in Gentoo Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation of the vulnerabilities can be carried out remotely. **Recommendations** For versions prior to 2.7.2-r1, update to version 2.7.2-r1 or later to resolve the issue.