TYPO3-20060501-1: TYPO3 Security Bulletin
May 01, 2006
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL
DetailsPlatinum sponsors
TYPO3-20051114-7: TYPO3 Security Bulletin
November 14, 2005
Situations are imaginable where sensitive information gets stored in the fileadmin/_temp_/ directory. If misconfigured in your web server, this directory can be browsable and therefore expose that information.
DetailsTYPO3-20051114-6: TYPO3 Security Bulletin
November 14, 2005
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/ ) to a numeric value ("1") could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration.
DetailsTYPO3-20051114-5: TYPO3 Security Bulletin
November 14, 2005
For convenience, the TYPO3 Install Tool provides a button sets the "encryptionKey" to a random value. It has been observed that only parts of the generated value are actually random. The overall key is therefore unique and -as of today- considered sufficiently secure. However, the effective key ...
DetailsTYPO3-20051114-4: TYPO3 Security Bulletin
November 14, 2005
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks.
DetailsTYPO3-20051114-3: TYPO3 Security Bulletin
November 14, 2005
Various security issues have been reported for PhpMyAdmin (see www.securityfocus.com/bid/15196 for details.)
DetailsTYPO3-20051114-2: TYPO3 Security Bulletin
November 14, 2005
A Cross Site Scripting issue has been found in showpic.php.
DetailsTYPO3-20051114-1: TYPO3 Security Bulletin
November 14, 2005
The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set, this will create a backup copy and append a "~" to the original file name. This leads to file names that may be delivered as text files by a web ...
DetailsTYPO3-20051107-2: th_mailformplus
November 07, 2005
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.
DetailsTYPO3-20051107-1: chc_forum
November 07, 2005
A bug has been discovered in the "CHC Forum" (chc_forum) extension where some Javascript expressions are not properly caught when entered in forms. Thus, specially crafted entries may be used to inject malicious code.
Details
