Security Bulletins

Multiple vulnerabilities in third party extensions

Authors: Marcus Krause, Category: TYPO3 Extension April 06, 2009

Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" (a21glossary_advanced_output), "ClickStream Analyzer (output)" (alternet_csa_out), "Directory Listing" (dir_listing), "Store Locator" (locator), "Userdata Create/Edit" (sg_userdata), ...

Details

Multiple vulnerabilities in TYPO3 Core

Authors: Marcus Krause, Category: TYPO3 CMS January 20, 2009

It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and Remote Command Execution.

Details

TYPO3 Security Bulletin

Authors: , Category: TYPO3 Extension December 22, 2008

Several vulnerabilities have been found in the following third party TYPO3 extensions: "Vox populi" (mv_vox_populi), "SB Universal Plugin" (SBuniplug), "Simple File Browser" (simplefilebrowser), "TU-Clausthal ODIN" (tuc_odin), "TU-Clausthal Staff" (tuc_staff), "WEBERkommunal Facilities" ...

Details

TYPO3 Security Bulletin

Authors: , Category: TYPO3 Extension December 22, 2008

It has been discovered that the extension WEC Discussion Forum (wec_discussion) is vulnerable to Cross-Site Scripting (XSS) and SQL injection.

Details