TYPO3 News & Events Hub
What’s New & What’s Coming
Information Disclosure from phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo() information in special cases. The standalone version of phpmyadmin is not affected.
Read moreCross Site Scripting vulnerability in faq
It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary JavaScript.
TYPO3 Security Bulletin TYPO3-20070712-1: Multiple vulnerabilities in civserv
Multiple vulnerabilities has been found. Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks.
Multiple vulnerabilities in civserv
Multiple vulnerabilities has been found in the extension civserv: Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks.
TYPO3 Security Bulletin TYPO3-20070710-1: SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open for a SQL injection when updating the password.
SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open for a SQL injection when updating the password.
TYPO3 Security Bulletin TYPO3-20070709-1: Incorrect authentication in ftpbrowser
It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting.
Incorrect authentication
It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting.
TYPO3 Security Bulletin TYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other related issues.
Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other related issues.
Last call for papers
The deadline for sending in your proposition for a talk or a tutorial at T3CON07 is closing in rapidly, but we're still open for suggestions! So if you were still doubting if your concept for a talk is interesting for the TYPO3 crowd, let us in by...
T3BOARD08 Registration now open!
The next snowboard Tour will take place from Sunday 30.th of March to Sunday 06.th of April 2008 at the Mountainhostel Crap Sogn Gion. Details about the tour and registration can be found here:
Carrier failure causes outages on typo3.org infrastructure
Due to an unplanned power failure at our network carrier, the data center where some typo3.org subdomains are hosted have been completely offline from June 24 04:37:15 UTC+2 to June 24 19:28:48 UTC+2 Affected services have been: The official...
TYPO3 Security Bulletin TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security related issues, which may disclosure confidential information.
Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security related issues, which may disclosure confidential information.
TYPO3 Security Bulletin TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
Installer 2.0 survey
The Installer 2.0 project has now reached a point where we wan't to get the final input from the community before we start the implementation.
SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
Call for papers T3CON07
Dear Web Professionals and TYPO3 Enthusiasts,The T3CON07 is approaching rapidly and you have the opportunity to present your ideas and experiences at this conference. At T3CON07, you will meet TYPO3 professionals and core developers and will have...
Five on six
During development on 5.0 last week I came to the point where I needed to implement some functionality doing string operations. As we don't want to fiddle around with the mbstring extension anymore it now was time to try TYPO3 5.0 with PHP6. As I'm...