Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Thu. 5th May, 2016
TYPO3-PSA-2016-001: Critical vulnerabilities in ImageMagick

Categories: Public Service Announcement

Advisory type: Public Service Announcements
Created by Helmut Hummel

Multiple vulnerabilities in ImageMagick have been discovered, Remote Code Execution being one of them.
Read more
Tue. 12th April, 2016
TYPO3-CORE-SA-2016-012: Privilege Escalation in TYPO3 CMS

Categories: TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Helmut Hummel

It has been discovered, that TYPO3 CMS is vulnerable to Privilege Escalation.
Read more
Tue. 12th April, 2016
TYPO3-CORE-SA-2016-011: Authentication Bypass in TYPO3 CMS

Categories: TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Nicole Cordes

It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass.
Read more
Tue. 12th April, 2016
TYPO3-CORE-SA-2016-010: Arbitrary File Disclosure in Form Component

Categories: TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Helmut Hummel

It has been discovered, that TYPO3 Form Component is susceptible to Arbitrary File Disclosure.
Read more
Tue. 12th April, 2016
TYPO3-CORE-SA-2016-009: Cross-Site Scripting in TYPO3 Backend

Categories: TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Helmut Hummel

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting.
Read more
Thu. 24th March, 2016
TYPO3-EXT-SA-2016-009: Multiple vulnerabilities in extension "Ajax mail subscription" (ods_ajaxmailsubscription)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Ajax mail subscription" (ods_ajaxmailsubscription) is susceptible to Insecure Authentication and Session…
Read more
Thu. 10th March, 2016
TYPO3-EXT-SA-2016-008: SQL Injection in extension "Another simple gallery" (chgallery)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Another simple gallery" (chgallery) is susceptible to SQL Injection.
Read more
Thu. 10th March, 2016
TYPO3-EXT-SA-2016-007: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path…
Read more
Thu. 3rd March, 2016
TYPO3-EXT-SA-2016-006: Cross-Site Scripting in extension "Apache Solr for TYPO3" (solr)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Apache Solr for TYPO3" (solr) is susceptible to Cross-Site Scripting.
Read more
Thu. 3rd March, 2016
TYPO3-EXT-SA-2016-005: Cross-Site Scripting in extension "Extension Kickstarter" (kickstarter)

Advisory type: TYPO3 Extensions
Created by Nicole Cordes

It has been discovered that the extension "Extension Kickstarter" (kickstarter) is susceptible to Cross-Site Scripting.
Read more

Security Advisories

TYPO3-PSA-2016-001: Critical vulnerabilities in ImageMagick

TYPO3-CORE-SA-2016-012: Privilege Escalation in TYPO3 CMS

TYPO3-CORE-SA-2016-011: Authentication Bypass in TYPO3 CMS

TYPO3-CORE-SA-2016-010: Arbitrary File Disclosure in Form Component

TYPO3-CORE-SA-2016-009: Cross-Site Scripting in TYPO3 Backend

TYPO3-EXT-SA-2016-009: Multiple vulnerabilities in extension "Ajax mail subscription" (ods_ajaxmailsubscription)

TYPO3-EXT-SA-2016-008: SQL Injection in extension "Another simple gallery" (chgallery)

TYPO3-EXT-SA-2016-007: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

TYPO3-EXT-SA-2016-006: Cross-Site Scripting in extension "Apache Solr for TYPO3" (solr)

TYPO3-EXT-SA-2016-005: Cross-Site Scripting in extension "Extension Kickstarter" (kickstarter)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links