Tag: Security
Maintaining the “health” of your website is crucial and knowing that it is running securely is the most important question of all. Business websites need to be monitored, extended and updated on a regular basis. If you’re still running your website on an outdated TYPO3 version, gain peace of mind by opting for TYPO3 GmbH’s ELTS offer.
TYPO3-SECURITY-BULLETIN-TYPO3-20070710-1-SQL-INJECTION-IN-FECHANGEPASSWORD: TYPO3 Security Bulletin TYPO3-20070710-1: SQL Injection in fechangepassword
It has been discovered that the extension fechangepassword is open for a SQL injection when updating the password.
Read moreTYPO3-SECURITY-BULLETIN-TYPO3-20070709-1-INCORRECT-AUTHENTICATION-IN-FTPBROWSER: TYPO3 Security Bulletin TYPO3-20070709-1: Incorrect authentication in ftpbrowser
It has been discovered that the extension ftpbrowser is doing incorrect authentication in some files, making it open for exploiting.
TYPO3-SECURITY-BULLETIN-TYPO3-20070703-1-MULTIPLE-VULNERABILITIES-IN-ALL-VARIANTS-OF-MYSQLDUMPER: TYPO3 Security Bulletin TYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other related issues.
TYPO3-SECURITY-BULLETIN-TYPO3-20070612-1-INFORMATION-DISCLOSURE-IN-W4X-BACKUP: TYPO3 Security Bulletin TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security related issues, which may disclosure confidential information.
TYPO3-SECURITY-BULLETIN-TYPO3-20070608-1-SQL-INJECTION-IN-MACINA-BANNERS-RIC-ROTATION: TYPO3 Security Bulletin TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
TYPO3-SECURITY-BULLETIN-TYPO3-20070221-1-EMAIL-HEADER-INJECTION: TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for.
PRE-ANNOUNCEMENT-FOR-IMPORTANT-SECURITY-UPDATE: Pre-announcement for important security update
SECURITY-BULLETIN-TYPO3-20061010-1-FE-ADMINLIBINC: Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc
SECURITY-BULLETIN-TYPO3-20060911-1-INDEXED-SEARCH: Security Bulletin TYPO3-20060911-1: indexed search
A Cross-Site-Scripting (XSS) problem has been discovered in indexed search.
SECURITY-BULLETIN-TYPO3-20060902-1-TIP-A-FRIEND: Security Bulletin TYPO3-20060902-1: tip-a-friend
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)