Security Advisories

All Advisories

  • TYPO3-20051107-2: th_mailformplus

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.
    Read more
  • TYPO3-20051107-1: chc_forum

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "CHC Forum" (chc_forum) extension where some Javascript expressions are not properly caught when entered in forms....
    Read more
  • : Security Bulletin TYPO3-20051010-1: fe_news

    Categories: Security
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented. fe_rtenews is affected as well.
    Read more
  • TYPO3-20051010-10: TYPO3 Security Bulletin

    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A bug has been discovered in the "Front End News Submitter" (fe_news) where SQL injection is not safely prevented and thus malicious SQL commands are...
    Read more
  • TYPO3-20050822-1: TYPO3 Security Bulletin

    Advisory type: Security Advisories
    Created by Karsten Dambekalns
    A bug has been discovered in MOC filemanager (v. 0.7.1 and earlier): An offender may gain illegal read access to files on the server.
    Read more
  • : Security Bulletin TYPO3-20050822-1

    Categories: Security
    Advisory type: Security Advisories
    Created by Karsten Dambekalns
    A bug has been discovered in MOC filemanager (v. 0.7.1 and earlier): An offender may gain illegal read access to files on the server.
    Read more
  • : Security Bulletin TYPO3-20050812-1

    Categories: Security
    Advisory type: Security Advisories
    Created by Karsten Dambekalns
    Possible remote exploit with AWStats. The TYPO3 Security Team has issued a security bulletin which explains and fixes a possible problem with...
    Read more
  • TYPO3-20050812-1: TYPO3 Security Bulletin

    Advisory type: Security Advisories
    Created by Karsten Dambekalns
    Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Successful exploitation ...
    Read more
  • : Security Bulletin TYPO3-20050725-1

    Categories: Security
    Advisory type: Security Advisories
    Created by Karsten Dambekalns
    Possible Information leak. The TYPO3 Security Team has issued another security bulletin which explains and fixes a possible problem with a debug...
    Read more
  • TYPO3-20050725-1: TYPO3 Security Bulletin

    Categories: TYPO3 CMS
    Advisory type: Security Advisories
    Created by Ekkehard Gümbel
    A debug script exposes system information provided by phpinfo(). By default, the script can be executed by a remote user.
    Read more