TYPO3 News & Events Hub
What’s New & What’s Coming
TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
TYPO3 v5 project report: May 2008
Our main topics for the TYPO3 v5 project last month were - apart from the usual development work - conferences, continuous integration and project management. Here are the topics in detail:
TYPO3 v4 Core SVN Migration
The TYPO3 v4 SVN repository has been moved to svn.typo3.org, TYPO3's own SVN server infrastructure.
Forelle ist geil!
On the weekend of 24/25 May, the first gathering of the HCI (Human Computer Interface) Team took place at Netcreators HQ in Arnhem.
Getting started with the Forge
TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)
It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.
TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)
It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.
TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Command Execution.