Security Advisories
All Advisories
TYPO3-SA-2009-018: Cross-Site Scripting vulnerability in extension Direct Mail (direct_mail)
It has been discovered that the extension Direct Mail (direct_mail) is vulnerable to XSS.
Read moreTYPO3-SA-2009-017: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: [AN] Search it! (an_searchit), Simple download-system with counter and categories (kk_downloader), Automatic Base Tags for RealUrl (lt_basetag), Trips (mchtrips), simple Glossar (simple_glossar), TW Productfinder (tw_productfinder), DB Integration (wfqbe)
MULTIPLE-SECURITY-ISSUES-FOUND-IN-TYPO3-CORE-1: Multiple security issues found in TYPO3 core
It has been discovered that the TYPO3 Core is vulnerable to Cross-site scripting, SQL-Injection, Remote shell command execution, Information Disclosure and insecure Install Tool authentication/session handling.
TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, SQL-Injection, Remote Command Execution, Information Disclosure and insecure Install Tool authentication/session handling.
TYPO3-SA-2009-014: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: Apache Solr Search (solr), Random Images (maag_randomimage), Flagbit Filebase (fb_filebase), freeCap CAPTCHA (sr_freecap)
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-COMMERCE-AND-T3M: Security issues in several third party TYPO3 extensions including commerce and t3m
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Commerce" (commerce), "T3M E-Mail Marketing Tool" (t3m), "AIRware Lexicon" (air_lexicon), "AST ZipCodeSearch" (ast_addresszipsearch), "Car" (car), "Event Registration" (event_registr), "Solidbase Bannermanagement" (SBbanner), "t3m_affiliate" (t3m_affiliate), "AJAX Chat" (vjchat)
TYPO3-SA-2009-013: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "AIRware Lexicon" (air_lexicon), "AST ZipCodeSearch" (ast_addresszipsearch), "Car" (car), "Event Registration" (event_registr), "Solidbase Bannermanagement" (SBbanner), "t3m_affiliate" (t3m_affiliate), "AJAX Chat" (vjchat)
TYPO3-SA-2009-012: Blind SQL Injection vulnerability in extension T3M E-Mail Marketing Tool (t3m)
It has been discovered that the extension T3M E-Mail Marketing Tool (t3m) is vulnerable to Blind SQL Injection attacks.
TYPO3-SA-2009-011: Cross-Site Scripting vulnerability in extension Commerce (commerce)
It has been discovered that the extension Commerce (commerce) is vulnerable to Cross-Site Scripting attacks.
TYPO3-SA-2009-010: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" (cooluri), "Reset backend password" (cwt_resetbepassword), "datamints Newsticker" (datamints_newsticker), "[Gobernalia] Front End News Submitter" (gb_fenewssubmit), "Mailform" (mailform), "Myth download" (myth_download), "Tour Extension" (pm_tour), "Twitter Search" (twittersearch), "Webesse E-Card" (ws_ecard) and "Webesse Image Gallery" (ws_gallery)