Security Advisories

All Advisories

  • TYPO3-20051114-5: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    For convenience, the TYPO3 Install Tool provides a button sets the "encryptionKey" to a random value. It has been observed that only parts of the...
    Read more
  • TYPO3-20051114-4: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This...
    Read more
  • TYPO3-20051114-3: TYPO3 Security Bulletin

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    Various security issues have been reported for PhpMyAdmin (see www.securityfocus.com/bid/15196 for details.)
    Read more
  • TYPO3-20051114-2: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A Cross Site Scripting issue has been found in showpic.php.
    Read more
  • TYPO3-20051114-1: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    The file editor functionality in the TYPO3 Install Tool (menu option "Edit files in typo3conf/") has an option that reads "Make backup copy". If set,...
    Read more
  • : Security Bulletins: chc_forum, th_mailformplus

    Categories: Security
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    Two security bulletins regarding the 3rd party extensions "CHC Forum" and "th_mailformplus" have been issued today. Fixed versions are available.
    Read more
  • TYPO3-20051107-2: th_mailformplus

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.
    Read more
  • TYPO3-20051107-1: chc_forum

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "CHC Forum" (chc_forum) extension where some Javascript expressions are not properly caught when entered in forms....
    Read more
  • : Security Bulletin TYPO3-20051010-1: fe_news

    Categories: Security
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented. fe_rtenews is affected as well.
    Read more
  • TYPO3-20051010-10: TYPO3 Security Bulletin

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are...
    Read more