Security Advisories
All Advisories
TYPO3-SA-2010-003: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Event Manager (eventmanagement), Game Article DB (game_articledb), Simple career (ml_career), Surprise Calendar (ml_surprisecalendar), Search Api Ajax Google (searchajaxgoogle), Download Manager (spr_downloadmanager)
Read moreTYPO3-SA-2010-002: Multiple vulnerabilities in extension T3BLOG (t3blog)
It has been discovered that the extension T3BLOG (t3blog) is vulnerable to SQL Injection and Cross–Site Scripting.
SECURITY-ISSUE-FOUND-IN-TYPO3-CORE: Security issue found in TYPO3 core
It has been discovered that using the openid system extension in TYPO3 4.3.0 can lead to an authentication bypass under certain circumstances.
TYPO3-SA-2010-001: Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to authentication bypass.
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-1: Security issues in several third party TYPO3 extensions
Security vulnerabilities have been discovered in following third party TYPO3 extensions: MK-AnydropdownMenu (mk_anydropdownmenu), Photo Book (goof_fotoboek), SB Folderdownload (sb_folderdownload), Developer log (devlog), KJ: Imagelightbox (kj_imagelightbox2), Unit Converter (cs2_unitconv), powermail (powermail), TV21 Talkshow (tv21_talkshow), Helpdesk (mg_help), Vote rank for news (vote_for_tt_news), kiddog_mysqldumper (kiddog_mysqldumper), tt_news Mail alert (dl3_tt_news_alerts), TT_Products editor (ttpedit), User Links (vm19_userlinks), MJS Event Pro (mjseventpro), Googlemaps fr tt_news (jf_easymaps), BB Simple Jobs (bb_simplejobs), Reports for Job (job_reports), Clan Users List (pb_clanlist), Customer Reference List (ref_list), zak_store_management (zak_store_management), Reports Logfile View (reports_logview), Majordomo (majordomo), Tip many friends (mimi_tipfriends), VD / Geomap (vd_geomap)
TYPO3-SA-2009-021: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: MK-AnydropdownMenu (mk_anydropdownmenu), Photo Book (goof_fotoboek), SB Folderdownload (sb_folderdownload), Developer log (devlog), KJ: Imagelightbox (kj_imagelightbox2), Unit Converter (cs2_unitconv), powermail (powermail), TV21 Talkshow (tv21_talkshow), Helpdesk (mg_help), Vote rank for news (vote_for_tt_news), kiddog_mysqldumper (kiddog_mysqldumper), tt_news Mail alert (dl3_tt_news_alerts), TT_Products editor (ttpedit), User Links (vm19_userlinks), MJS Event Pro (mjseventpro), Googlemaps fr tt_news (jf_easymaps), BB Simple Jobs (bb_simplejobs), Reports for Job (job_reports), Clan Users List (pb_clanlist), Customer Reference List (ref_list), zak_store_management (zak_store_management), Reports Logfile View (reports_logview), Majordomo (majordomo), Tip many friends (mimi_tipfriends), VD / Geomap (vd_geomap)
TYPO3-SA-2009-020: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Car (car), TYPO3 Watchdog (aba_watchdog), File list (dr_blob), ListMan (nl_listman), XDS Staff List (xds_staff), Document Directorys (danp_documentdirs), Random Prayer Version 2 (ste_prayer2), Diocese of Portsmouth Resources Database (pd_resources), Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery), Parish Administration Database (ste_parish_admin), Diocese of Portsmouth Calendar (pd_calendar), Flash SlideShow (slideshow), Subscription (mf_subscription), No indexed Search (no_indexed_search), Job Exchange (jobexchange), Training Company Database (trainincdb), ZID Linkliste (zid_linklist), vShoutbox (vshoutbox), Frontend news submitter with RTE (fe_rtenews)
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-CAR-ABA-WATCHDOG-DR-BLOB-NL-LISTMAN-XDS-STAFF-DANP-DOCUMENTDIRS-STE-PRAYER2-PD-RESOURCES-HS-RELIGIOUSARTGALLERY-STE-PARISH-ADMIN-PD-CALENDAR: Security issues in several third party TYPO3 extensions including car, aba_watchdog, dr_blob, nl_listman, xds_staff, danp_documentdirs, ste_prayer2, pd_resources, hs_religiousartgallery, ste_parish_admin, pd_calendar
Security vulnerabilities have been discovered in following third party TYPO3 extensions: Car (car), TYPO3 Watchdog (aba_watchdog), File list (dr_blob), ListMan (nl_listman), XDS Staff List (xds_staff), Document Directorys (danp_documentdirs), Random Prayer Version 2 (ste_prayer2), Diocese of Portsmouth Resources Database (pd_resources), Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery), Parish Administration Database (ste_parish_admin), Diocese of Portsmouth Calendar (pd_calendar), Flash SlideShow (slideshow), Subscription (mf_subscription), No indexed Search (no_indexed_search), Job Exchange (jobexchange), Training Company Database (trainincdb), ZID Linkliste (zid_linklist), vShoutbox (vshoutbox), Frontend news submitter with RTE (fe_rtenews)
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-CAL-DIRECT-MAIL-AN-SEARCHIT-KK-DOWNLOADER-LT-BASETAG-MCHTRIPS-SIMPLE-GLOSSAR-TW-PRODUCTFINDER-WFQBE: Security issues in several third party TYPO3 extensions including cal, direct_mail, an_searchit, kk_downloader, lt_basetag, mchtrips, simple_glossar, tw_productfinder, wfqbe
Security vulnerabilities have been discovered in following third party TYPO3 extensions: "Calendar Base" (cal), "Direct Mail" (direct_mail), "[AN] Search it!" (an_searchit), "Simple download-system with counter and categories" (kk_downloader), "Automatic Base Tags for RealUrl" (lt_basetag), "Trips" (mchtrips), "simple Glossar" (simple_glossar), "TW Productfinder" (tw_productfinder), "DB Integration" (wfqbe)
TYPO3-SA-2009-019: Blind SQL Injection vulnerability in extension Calendar Base (cal)
It has been discovered that the extension Calendar Base (cal) is vulnerable to Blind SQL Injection.