Tag: Security
Maintaining the “health” of your website is crucial and knowing that it is running securely is the most important question of all. Business websites need to be monitored, extended and updated on a regular basis. If you’re still running your website on an outdated TYPO3 version, gain peace of mind by opting for TYPO3 GmbH’s ELTS offer.
SECURITY-BULLETIN-TYPO3-20080505-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-MAILFORMPLUS-TH-MAILFORMPLUS: Security Bulletin TYPO3-20080505-1: Multiple vulnerabilities in extension MailformPlus (th_mailformplus)
It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.
Read moreSECURITY-BULLETIN-TYPO3-20080416-2-SQL-INJECTIONS-IN-EXTENSIONS-PMK-RSSNEWSEXPORT-AND-CM-RDFEXPORT: Security Bulletin TYPO3-20080416-2: SQL Injections in extensions pmk_rssnewsexport and cm_rdfexport
It has been discovered that the extensions pmk_rssnewsexport and cm_rdfexport are vulnerable to SQL Injection attacks.
SECURITY-BULLETIN-TYPO3-20080416-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-DE-PHPOT: Security Bulletin TYPO3-20080416-1: Multiple vulnerabilities in extension de_phpot
It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues.
TYPO3-SECURITY-BULLETIN-20071210-1-SQL-INJECTION-IN-SYSTEM-EXTENSION-INDEXED-SEARCH: TYPO3 Security Bulletin 20071210-1: SQL Injection in system extension indexed_search
It has been discovered that the system extension indexed_search is vulnerable to a SQL Injection flaw.
TYPO3-SECURITY-BULLETIN-20070919-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-MM-FORUM: TYPO3 Security Bulletin 20070919-1: Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities.
TYPO3-SECURITY-BULLETIN-20070801-1-MULTIPLE-VULNERABILITIES-IN-EXTENSION-VE-GUESTBOOK: TYPO3 Security Bulletin 20070801-1: Multiple vulnerabilities in extension ve_guestbook
It has been discovered that the extension ve_guestbook is vulnerable to SQL Injection attacks. Also, a Cross Site Scripting issue has been detected.
TYPO3-SECURITY-BULLETIN-20070719-1-REMOTE-SHELL-COMMAND-EXECUTION-IN-EXTENSIONS-EMBEDDING-PHPMAILER: TYPO3 Security Bulletin 20070719-1: Remote shell command execution in extensions embedding PHPMailer
Multiple TYPO3 extensions is affected by the third party tool PHPMailer, which is vulnerable to a remote shell command execution.
TYPO3-SECURITY-BULLETIN-TYPO3-20070716-2-INFORMATION-DISCLOSURE-FROM-EXTENSION-PHPMYADMIN: TYPO3 Security Bulletin TYPO3-20070716-2: Information Disclosure from Extension phpmyadmin
An information disclosure issue has been found in the phpmyadmin extension of TYPO3 that may give access to phpinfo() information in special cases. The standalone version of phpmyadmin is not affected.
TYPO3-SECURITY-BULLETIN-20070716-1-CROSS-SITE-SCRIPTING-VULNERABILITY-IN-FAQ: TYPO3 Security Bulletin 20070716-1: Cross Site Scripting vulnerability in faq
It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary JavaScript.
TYPO3-SECURITY-BULLETIN-TYPO3-20070712-1-MULTIPLE-VULNERABILITIES-IN-CIVSERV: TYPO3 Security Bulletin TYPO3-20070712-1: Multiple vulnerabilities in civserv
Multiple vulnerabilities has been found. Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks.