Security Advisories
All Advisories
TYPO3-20080701-4: Multiple vulnerabilities in extension WEC Discussion Forum (wec_discussion)
It has been discovered that the extension WEC Discussion Forum (wec_discussion) is open to multiple security issues.
Read moreTYPO3-20080701-3: Multiple vulnerabilities in extension Send-A-Card (sr_sendcard)
It has been discovered that the extension Send-A-Card (sr_sendcard) is open to multiple security issues.
TYPO3-20080701-2: Cross Site Scripting vulnerability in extension phpmyadmin
It has been discovered that the extension phpmyadmin is susceptible to Cross Site Scripting (XSS) attacks.
TYPO3-20080701-1: TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions.
MULTIPLE-SECURITY-ISSUES-IN-THIRD-PARTY-TYPO3-EXTENSIONS: Multiple security issues in third party TYPO3 extensions
A total of 15 third party extensions has been found insecure. Please follow the links in this news item, in order to see which extensions have has been found insecure.
TYPO3-20080619-1: TYPO3 Security Bulletin
Several vulnerabilities have been found in TYPO3 third party extensions.
SECURITY-BULLETIN-TYPO3-20080619-1-SEVERAL-VULNERABILITIES-HAVE-BEEN-FOUND-IN-TYPO3-THIRD-PARTY-EXTENSIONS: Security Bulletin TYPO3-20080619-1: Several vulnerabilities have been found in TYPO3 third party extensions
Several vulnerabilities have been found in TYPO3 third party extensions.
SECURITY-BULLETIN-TYPO3-20080611-1-MULTIPLE-VULNERABILITIES-IN-TYPO3-CORE: Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
TYPO3-20080527-2: SQL Injection in extension "Library for Frontend plugins" (sg_zfelib)
It has been discovered that the extension "Library for Frontend plugins" (sg_zfelib) is susceptible to SQL Injections.