CVE-2012-1607
published 2012-09-04
CVE-2012-1607: The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to…
Priority: P4 · 27 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 3.09% (86.1th percentile)
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
Affected
59 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_20h2 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| typo3 | cms | 4.4.0 – 4.4.13 | — |
| typo3 | cms | 4.5.0 – 4.5.13 | — |
| typo3 | cms | 4.6.0 – 4.6.6 | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
CVSS provenance
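| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.0 | MEDIUM | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |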
OSV
TYPO3 allows remote attackers to obtain the database name via a direct request
osv·2022-05-17
CVE-2012-1607 [MEDIUM] TYPO3 allows remote attackers to obtain the database name via a direct request
GHSA
TYPO3 allows remote attackers to obtain the database name via a direct request
ghsa·2022-05-17
CVE-2012-1607 [MEDIUM] CWE-200 TYPO3 allows remote attackers to obtain the database name via a direct request
OSV
CVE-2012-1607: The Command Line Interface (CLI) script in TYPO3 4
osv·2012-09-04·CVSS 5.0
CVE-2012-1607 [MEDIUM] CVE-2012-1607: The Command Line Interface (CLI) script in TYPO3 4
CISA
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-0001 [HIGH] Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Vulnerability: Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Affected: Microsoft Graphics Device Interface (GDI)
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0001
Remediation Due Date: 2022-03-24
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/80761
http://secunia.com/advisories/48622
http://secunia.com/advisories/48647
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
http://www.debian.org/security/2012/dsa-2445
http://www.openwall.com/lists/oss-security/2012/03/30/4
http://www.securityfocus.com/bid/52771
Published: 2012-09-04