Security Advisories
All Advisories
TYPO3-CORE-SA-2014-003: Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Link Spoofing and Cache Poisoning.
Read moreTYPO3-EXT-SA-2014-018: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting, Denial of Service and Local File Inclusion.
TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav)
It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control.
TYPO3-EXT-SA-2014-016: Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution!
TYPO3-EXT-SA-2014-015: Information Disclosure vulnerability in Dynamic Content Elements (dce)
It has been discovered that the extension "Dynamic Content Elements" (dce) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2014-014: Improper Access Control vulnerability in extension fal_sftp (fal_sftp)
It has been discovered that the extension "fal_sftp" (fal_sftp) is susceptible to Improper Access Control.
TYPO3-EXT-SA-2014-013: Denial of Service vulnerability in extension Calendar Base (cal)
It has been discovered that the extension "Calendar Base" (cal) is susceptible to Denial of Service.
TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl (dmmjobcontrol)
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to Cross-Site Scripting and SQL Injection.