Security Advisories

• TYPO3 Extensions

TYPO3-EXT-SA-2011-010: A vulnerability in extension Drag Drop Mass Upload (ameos_dragndropupload)

A vulnerability has been found in the following third-party TYPO3 extension: ameos_dragndropupload

• Developer & Technology
• Security

SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-5: Security issues in third-party TYPO3 extensions

• TYPO3 Extensions

TYPO3-EXT-SA-2011-006: Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: MM DAM - FEFileList (mm_dam_filelist), Events (julle_events), WEC Staff Directory (wec_staffdirectory), TGM news (tgm_news), TGM media (tgm_media), TGM calendar module (tgm_cal), DAM Lightbox (damlightbox), Download system (sb_downloader), iwbase (iwbase), Fussballtippspiel (toto), Font resizer (fontsizer), Adminer (t3adminer)

• TYPO3 Extensions

TYPO3-EXT-SA-2011-005: Multiple XSS vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting.

• Developer & Technology
• Security

SECURITY-ISSUES-IN-THIRD-PARTY-EXTENSION-PHPMYADMIN-PHPMYADMIN-2: Security issues in third party extension "phpMyAdmin" (phpmyadmin)

• Developer & Technology
• Security

SECURITY-ISSUES-IN-TWO-THIRD-PARTY-EXTENSIONS: Security issues in two third party extensions

• TYPO3 Extensions

TYPO3-EXT-SA-2011-004: Cross Site Scripting Vulnerability in extension Questionaire (pbsurvey)

It has been discovered that the extension "Questionaire" (pbsurvey) is vulnerable to Cross-Site Scripting.

• TYPO3 Extensions

TYPO3-EXT-SA-2011-003: Several Vulnerabilities in extension Formhandler (formhandler)

It has been discovered that the extension Formhandler (formhandler) is vulnerable to SQL-Injection and Cross-Site Scripting.

• TYPO3 Extensions

TYPO3-EXT-SA-2011-002: Multiple SQL Injection vulnerabilities in extension "Website Photo Gallery" (jm_gallery)

It has been discovered that the extension Website Photo Gallery (jm_gallery) is vulnerable to SQL injection.

• Developer & Technology
• Security

SECURITY-ISSUE-IN-THIRD-PARTY-EXTENSION-WEBSITE-PHOTO-GALLERY-JM-GALLERY: Security issue in third party extension "Website Photo Gallery" (jm_gallery)