Security Advisories
All Advisories
TYPO3-SECURITY-BULLETIN-TYPO3-20070703-1-MULTIPLE-VULNERABILITIES-IN-ALL-VARIANTS-OF-MYSQLDUMPER: TYPO3 Security Bulletin TYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other related issues.
Mehr erfahrenTYPO3-20070703-1: Multiple vulnerabilities in all variants of MySQLDumper
Multiple vulnerabilities have been found in the third party extension "mysqldumper". Full read/write access to the connected database and other related issues.
TYPO3-SECURITY-BULLETIN-TYPO3-20070612-1-INFORMATION-DISCLOSURE-IN-W4X-BACKUP: TYPO3 Security Bulletin TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security related issues, which may disclosure confidential information.
TYPO3-20070612-1: Information disclosure in w4x_backup
It has been discovered that the extension w4x_backup has several security related issues, which may disclosure confidential information.
TYPO3-SECURITY-BULLETIN-TYPO3-20070608-1-SQL-INJECTION-IN-MACINA-BANNERS-RIC-ROTATION: TYPO3 Security Bulletin TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
TYPO3-20070608-1: SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for.
TYPO3-SECURITY-BULLETIN-TYPO3-20070221-1-EMAIL-HEADER-INJECTION: TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for.
TYPO3-20070919-1: Multiple vulnerabilities in extension mm_forum
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities.
TYPO3-20070124-1: Tip-a-friend - Header Injection
A header injection problem has been found in the extension tipafriend