Security Advisories
All Advisories
TYPO3-SA-2010-007: Cross-Site Scripting vulnerability in extension mm_forum (mm_forum)
It has been discovered that the extension mm_forum (mm_forum) is vulnerable to Cross-Site Scripting.
Mehr erfahrenTYPO3-SA-2010-006: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Brainstorming (brainstorming), Power Extension Manager (ch_lightem), Sellector.com Widget Integration (chsellector), Educator (educator), MK Wastebasket (mk_wastebasket), myDashboard (mydashboard), CleanDB (nf_cleandb), Diocese of Portsmouth Database (pd_diocesedatabase), Reports Logfile View (reports_logview), SAV Filter Alphabetic (sav_filter_abc), SAV Filter Selectors (sav_filter_selectors), SAV Filter Months (sav_filter_months), Book Reviews (sk_bookreview), Simple Gallery (sk_simplegallery), Typo3 Quixplorer (t3quixplorer), TYPO3 Security - Salted user password hashes (t3sec_saltedpw), UserTask Center, recent (taskcenter_recent), TGM-Newsletter (tgm_newsletter), CleanDB - DBAL (tmsw_cleandb), Meet Travelmates (travelmate), YATSE - Yet another TYPO3 search engine (yatse)
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-MM-FORUM-MM-FORUM: Security issues in several third party TYPO3 extensions including "mm_forum" (mm_forum)
A security vulnerabilities has been discovered in the third party TYPO3 extensions including mm_forum, brainstorming, ch_lightem, chsellector, educator, mk_wastebasket, mydashboard, nf_cleandb, pd_diocesedatabase, reports_logview, sav_filter_abc, sav_filter_selectors, sav_filter_months, sk_bookreview, sk_simplegallery, t3quixplorer, t3sec_saltedpw, taskcenter_recent, tgm_newsletter, tmsw_cleandb, travelmate, yatse
TYPO3-SA-2010-005: Blind SQL Injection vulnerability in extension Calendar Base (cal)
It has been discovered that the extension Calendar Base (cal) is vulnerable to Blind SQL Injection.
SECURITY-ISSUE-IN-THIRD-PARTY-TYPO3-EXTENSION-CALENDAR-BASE-CAL: Security issue in third party TYPO3 extension "Calendar Base" (cal)
A security vulnerabilitiy has been discovered in the third party TYPO3 extension "Calendar Base".
SECURITY-ISSUES-FOUND-IN-TYPO3-CORE: Security issues found in TYPO3 core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Authentication Bypass for frontend users and Information Disclosure.
TYPO3-SA-2010-004: Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Authentication Bypass for frontend users and Information Disclosure.
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-T3BLOG: Security issues in third party TYPO3 extensions including t3blog
Security vulnerabilities have been discovered in third party TYPO3 extensions t3blog, eventmanagement, game_articledb, ml_career, ml_surprisecalendar, searchajaxgoogle and spr_downloadmanager
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-T3BLOG-COPY-1: Security issues in third party TYPO3 extensions including t3blog (copy 1)
Security vulnerabilities have been discovered in third party TYPO3 extensions t3blog, eventmanagement, game_articledb, ml_career, ml_surprisecalendar, searchajaxgoogle and spr_downloadmanager
SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-T3BLOG-COPY-2: Security issues in third party TYPO3 extensions including t3blog (copy 2)
Security vulnerabilities have been discovered in third party TYPO3 extensions t3blog, eventmanagement, game_articledb, ml_career, ml_surprisecalendar, searchajaxgoogle and spr_downloadmanager