Tag: Security
Maintaining the “health” of your website is crucial and knowing that it is running securely is the most important question of all. Business websites need to be monitored, extended and updated on a regular basis. If you’re still running your website on an outdated TYPO3 version, gain peace of mind by opting for TYPO3 GmbH’s ELTS offer.
SECURITY-BULLETIN-TYPO3-20080611-1-MULTIPLE-VULNERABILITIES-IN-TYPO3-CORE: Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
Read moreSECURITY-BULLETIN-TYPO3-20080527-2-SQL-INJECTION-IN-EXTENSION-LIBRARY-FOR-FRONTEND-PLUGINS-SG-ZFELIB: Security Bulletin TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)
It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.
SECURITY-BULLETIN-TYPO3-20080527-1-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-EXTENSION-KJ-IMAGE-LIGHTBOX-V2-KJ-IMAGELIGHTBOX2: Security Bulletin TYPO3-20080527-1: Cross Site Scripting vulnerability in extension "KJ: Image Lightbox v2" (kj_imagelightbox2)
It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.
SECURITY-BULLETIN-TYPO3-20080515-2-MULTIPLE-VULNERABILITIES-IN-EXTENSION-FRONTEND-FILEMANAGER-AIR-FILEMANAGER: Security Bulletin TYPO3-20080515-2: Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)
It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.
SECURITY-BULLETIN-TYPO3-20080515-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-FRONTEND-USER-REGISTRATION-SR-FEUSER-REGISTER: Security Bulletin TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Command Execution.
SECURITY-BULLETIN-TYPO3-20080513-4-MULTIPLE-VULNERABILITIES-IN-EXTENSION-STATISTICS-KE-STATS: Security Bulletin TYPO3-20080513-4: Multiple vulnerabilities in extension Statistics (ke_stats)
It has been discovered that the extension Statistics (ke_stats) is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found.
SECURITY-BULLETIN-TYPO3-20080513-3-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-EXTENSION-EVENT-DATABASE-RLMP-EVENTDB: Security Bulletin TYPO3-20080513-3: Cross Site Scripting vulnerability in extension Event Database (rlmp_eventdb)
It has been discovered that the extension Event Database (rlmp_eventdb) is susceptible to Cross Site Scripting (XSS) attacks.
SECURITY-BULLETIN-TYPO3-20080513-2-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-EXTENSION-QUESTIONAIRE-PBSURVEY: Security Bulletin TYPO3-20080513-2: Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)
It has been discovered that the extension Questionaire (pbsurvey) is susceptible to Cross Site Scripting (XSS) attacks.
SECURITY-BULLETIN-TYPO3-20080513-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-WT-GALLERY-WT-GALLERY: Security Bulletin TYPO3-20080513-1: Multiple vulnerabilities in extension WT Gallery (wt_gallery)
It has been discovered that the extension WT Gallery (wt_gallery) is susceptible to Path Traversal and Cross Site Scripting (XSS) attacks. Besides that, it may disclose sensitive information.
SECURITY-BULLETIN-TYPO3-20080505-2-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-EXTENSION-POWERMAIL: Security Bulletin TYPO3-20080505-2: Cross Site Scripting vulnerability in extension powermail
It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks.