Security Advisories

• TYPO3 Extensions

TYPO3-EXT-SA-2015-015: Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling)

• Marcus Krause

29 June 2015

It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting

Read more

• TYPO3 Extensions

TYPO3-EXT-SA-2015-014: SQL Injection in extension "Akronymmanager" (sb_akronymmanager)

• Marcus Krause

18 June 2015

It has been discovered that the extension "Akronymmanager" (sb_akronymmanager) is susceptible to SQL Injection

• TYPO3 Extensions

TYPO3-EXT-SA-2015-013: Arbitrary Code Execution in extension Job Fair (jobfair)

• Marcus Krause

15 June 2015

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Arbitrary Code Execution

• TYPO3 Extensions

TYPO3-EXT-SA-2015-009: SQL Injection vulnerability in extension Store Locator (locator)

• Marcus Krause

15 June 2015

It has been discovered that the extension "Store Locator" (locator) is susceptible to SQL Injection

• TYPO3 Extensions

TYPO3-EXT-SA-2015-010: SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek)

• Marcus Krause

15 June 2015

It has been discovered that the extension "Smoelenboek" (ncgov_smoelenboek) is susceptible to SQL Injection

• TYPO3 Extensions

TYPO3-EXT-SA-2015-011: SQL Injection vulnerability in extension Developer Log (devlog)

• Marcus Krause

15 June 2015

It has been discovered that the extension "Developer Log" (devlog) is susceptible to SQL Injection

• TYPO3 Extensions

TYPO3-EXT-SA-2015-012: SQL Injection vulnerability in extension FAQ - Frequently Asked Questions (js_faq)

• Marcus Krause

15 June 2015

It has been discovered that the extension "FAQ - Frequently Asked Questions" (js_faq) is susceptible to SQL Injection

• TYPO3 Extensions

TYPO3-EXT-SA-2015-007: Cross-Site Scripting in extension BE User Log (beko_beuserlog)

• Marcus Krause

15 June 2015

It has been discovered that the extension "BE User Log" (beko_beuserlog) is susceptible to Cross-Site Scripting

• TYPO3 Extensions

TYPO3-EXT-SA-2015-006: Arbitrary Code Execution in extension Frontend User Upload (feupload)

• Marcus Krause

15 June 2015

It has been discovered that the extension "Frontend User Upload" (feupload) is susceptible to Arbitrary Code Execution

• TYPO3 Extensions

TYPO3-EXT-SA-2015-008: SQL Injection vulnerability in extension wt_directory (wt_directory)

• Marcus Krause

15 June 2015

It has been discovered that the extension "wt_directory" (wt_directory) is susceptible to SQL Injection