Security Advisories
All Advisories
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-COOLURI-CWT-RESETBEPASSWORD-DATAMINTS-NEWSTICKER-GB-FENEWSSUBMIT-MAILFORM-MYTH-DOWNLOAD-PM-TOUR-TWITTERSEARCH-WS-ECARD-WS-GALLERY: Security issues in several third party TYPO3 extensions including cooluri, cwt_resetbepassword, datamints_newsticker, gb_fenewssubmit, mailform, myth_download, pm_tour, twittersearch, ws_ecard, ws_gallery
Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" (cooluri), "Reset backend password" (cwt_resetbepassword), "datamints Newsticker" (datamints_newsticker), "[Gobernalia] Front End News Submitter" (gb_fenewssubmit), "Mailform" (mailform), "Myth download" (myth_download), "Tour Extension" (pm_tour), "Twitter Search" (twittersearch), "Webesse E-Card" (ws_ecard), "Webesse Image Gallery" (ws_gallery)
Read moreTYPO3-SA-2009-009: Cross-Site Scripting vulnerability in extension Modern Guestbook / Commenting System (ve_guestbook)
It has been discovered that the extension Modern Guestbook / Commenting system (ve_guestbook) is vulnerable to Cross-Site Scripting.
TYPO3-SA-2009-008: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "FrontEnd MP3 Player" (fe_mp3player), "Search In Tables" (fesearchintable), "Content Search" (gst_contentsearch), "Multilingual Alias" (multilingual_alias), "Myth Repository" (myth_repository) and "References database" (t3references)
TYPO3-SA-2009-007: TYPO3 Security Bulletin
It has been discovered that the extension Virtual Civil Services (civserv) is vulnerable to SQL-injections.
TYPO3-SA-2009-006: TYPO3 Security Bulletin
It has been discovered that the extension CWT Community (cwt_community) is vulnerable to SQL-injections.
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-CIVSERV-CWT-COMMUNITY-AND-VE-GUESTBOOK: Security issues in several third party TYPO3 extensions including civserv, cwt_community and ve_guestbook
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Virtual Civil Services" (civserv), "Modern Guestbook / Commenting system" (ve_guestbook), "CWT Community" (cwt_community), "FrontEnd MP3 Player" (fe_mp3player), "Search In Tables" (fesearchintable), "Content Search" (gst_contentsearch), "Multilingual Alias" (multilingual_alias), "Myth Repository" (myth_repository), "References database" (t3references)
TYPO3-SA-2009-005: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" (a21glossary_advanced_output), "ClickStream Analyzer (output)" (alternet_csa_out), "Directory Listing" (dir_listing), "Store Locator" (locator), "Userdata Create/Edit" (sg_userdata), "Versatile Calendar Extension (VCE)" (sk_calendar), "ultraCards" (th_ultracards), "Visitor Tracking" (ws_stats)
TYPO3-SA-2009-004: Information Disclosure in third party extension "Frontend User registration"
It has been discovered that the TYPO3 extension "Frontend User Registration" (sr_feuser_register) is susceptible to Information Disclosure.
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-SR-FEUSER-REGISTER: Security issues in several third party TYPO3 extensions including sr_feuser_register
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Frontend User Registration" (sr_feuser_register), "A21glossary Advanced Output" (a21glossary_advanced_output), "ClickStream Analyzer (output)" (alternet_csa_out), "Directory Listing" (dir_listing), "Store Locator" (locator), "Userdata Create/Edit" (sg_userdata), "Versatile Calendar Extension (VCE)" (sk_calendar), "ultraCards" (th_ultracards), "Visitor Tracking" (ws_stats).
TYPO3-SA-2009-003: Multiple vulnerabilities in TYPO3 third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Accessibility Glossary" (a21glossary), "Calendar Base" (cal), "Flat Manager" (flatmgr)