Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Mon. 14th November, 2016
TYPO3-EXT-SA-2016-029: Insecure Unserialize and SQL Injection in extension "Code Highlighter" (mh_code_highlighter)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Code Highlighter" (mh_code_highlighter) is susceptible to Insecure Unserialize and SQL Injection.
Read more
Mon. 14th November, 2016
TYPO3-EXT-SA-2016-028: Cross-Site Scripting in extension "Store Locator" (locator)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Store Locator" (locator) is susceptible to Cross-Site Scripting.
Read more
Fri. 11th November, 2016
TYPO3-EXT-SA-2016-027: Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "HTML5 Video Player" (html5videoplayer) is susceptible to Cross-Site Scripting.
Read more
Fri. 11th November, 2016
TYPO3-EXT-SA-2016-026: Multiple vulnerabilities in extension "TC Directmail " (tcdirectmail)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "TC Directmail " (tcdirectmail) is susceptible to Cross Site-Scripting and SQL Injection.
Read more
Thu. 29th September, 2016
TYPO3-EXT-SA-2016-025: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) has multiple vulnerabilities.
Read more
Thu. 29th September, 2016
TYPO3-EXT-SA-2016-024: SQL Injection in extension "Events" (jp_events)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Events" (jp_events) is susceptible to SQL Injection.
Read more
Thu. 29th September, 2016
TYPO3-EXT-SA-2016-023: SQL Injection in extension "GN Tactics Planner" (sf_gntactics)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "GN Tactics Planner" (sf_gntactics) is susceptible to SQL Injection.
Read more
Tue. 13th September, 2016
TYPO3-CORE-SA-2016-022: Cache Flooding in TYPO3 Frontend

Categories: TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Helmut Hummel

It has been discovered, that TYPO3 is vulnerable to Cache Flooding
Read more
Tue. 13th September, 2016
TYPO3-CORE-SA-2016-021: Cross-Site Scripting in TYPO3 Backend

Categories: TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Georg Ringer

It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting
Read more
Mon. 12th September, 2016
TYPO3-EXT-SA-2016-022: Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

Release Date: September 12, 2016

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected…
Read more

Security Advisories

TYPO3-EXT-SA-2016-029: Insecure Unserialize and SQL Injection in extension "Code Highlighter" (mh_code_highlighter)

TYPO3-EXT-SA-2016-028: Cross-Site Scripting in extension "Store Locator" (locator)

TYPO3-EXT-SA-2016-027: Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)

TYPO3-EXT-SA-2016-026: Multiple vulnerabilities in extension "TC Directmail " (tcdirectmail)

TYPO3-EXT-SA-2016-025: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

TYPO3-EXT-SA-2016-024: SQL Injection in extension "Events" (jp_events)

TYPO3-EXT-SA-2016-023: SQL Injection in extension "GN Tactics Planner" (sf_gntactics)

TYPO3-CORE-SA-2016-022: Cache Flooding in TYPO3 Frontend

TYPO3-CORE-SA-2016-021: Cross-Site Scripting in TYPO3 Backend

TYPO3-EXT-SA-2016-022: Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links